CVE-2022-43721: URL Redirection to Untrusted Site ('Open Redirect')

January 16, 2023 (updated November 7, 2023)

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

github.com/advisories/GHSA-fcg4-pm6h-9xx2
lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
nvd.nist.gov/vuln/detail/CVE-2022-43721

Detect and mitigate CVE-2022-43721 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →