Skip to main content

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2022-43721

Severity Medium
Score 5.4/10

Summary

In Apache Superset, an authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. Versions through 1.5.2 and 2.x through 2.0.0 are affected by this vulnerability.

  • LOW
  • NETWORK
  • LOW
  • CHANGED
  • REQUIRED
  • LOW
  • LOW
  • NONE

CWE-601 - Open Redirect

An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM based location change to exploit the trust of a vulnerable domain to direct the users to a malicious website. The attack could lead to higher severity vulnerabilities such as unauthorized access control, account takeover, XSS, and more.

Advisory Timeline

  • Published