CVE-2023-42502

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Dec 4, 2023

CWE ID 601

Summary

CVE-2023-42502 is a vulnerability affecting Apache Superset versions prior to 3.0.0. An authenticated user with update datasets permission can exploit this issue by altering a dataset link through manipulation of the HTTP Host header. The result is a potential redirection of users to an untrusted site when accessing the affected dataset. This security weakness poses a risk of data exfiltration or other malicious actions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Superset

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sp2Hmm
https://www.cve.org/CVERecord?id=CVE-2023-42502
https://nvd.nist.gov/vuln/detail/CVE-2023-42502

Back to Vulnerability Database