[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2023-42502: Apache Superset: Open Redirect Vulnerability
From: Daniel Gaspar <dpgaspar () apache ! org>
Date: 2023-11-28 16:08:27
Message-ID: fc678fd3-504c-9a25-98d9-8a94203e7e39 () apache ! org
[Download RAW message or body]
Affected versions:
- Apache Superset before 3.0.0
Description:
An authenticated attacker with update datasets permission could change a dataset link to an \
untrusted site by spoofing the HTTP Host header, users could be redirected to this site when \
clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
Credit:
Amit Laish – GE Vernova (finder)
References:
https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-42502
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic