Apache Superset Open Redirect vulnerability
Moderate severity
GitHub Reviewed
Published
Jan 16, 2023
to the GitHub Advisory Database
•
Updated Jan 24, 2023
Description
Published by the National Vulnerability Database
Jan 16, 2023
Published to the GitHub Advisory Database
Jan 16, 2023
Reviewed
Jan 20, 2023
Last updated
Jan 24, 2023
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References