CVE-2023-42502
CVSS V2 None
CVSS V3 None
Description
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
Overview
- CVE ID
- CVE-2023-42502
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-28T16:25:43.177Z
- Last Modified Date
- 2023-11-30T08:14:26.949Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-42502 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42502 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 13:30:52 | Added to TrackCVE |