URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-43721
Summary
In Apache Superset, an authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. Versions through 1.5.2 and 2.x through 2.0.0 are affected by this vulnerability.
- LOW
- NETWORK
- LOW
- CHANGED
- REQUIRED
- LOW
- LOW
- NONE
CWE-601 - Open Redirect
An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM based location change to exploit the trust of a vulnerable domain to direct the users to a malicious website. The attack could lead to higher severity vulnerabilities such as unauthorized access control, account takeover, XSS, and more.
References
Advisory Timeline
- Published