Overview
- Description
- An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
- Source
- security@apache.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@apache.org
- CWE-601
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD514249-ED9E-45F1-9D50-4A7CE6DB166B",
"versionEndIncluding": "1.5.2"
},
{
"criteria": "cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35CD3C6F-B3E0-437C-A1D7-EF700C76923C"
},
{
"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6"
},
{
"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC060A49-79ED-4539-9E68-EDB15D7F2445"
}
],
"operator": "OR"
}
]
}
]