CVE-2022-43721

CVE-2022-43721: Apache Superset: Open Redirect Vulnerability

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-601 · Open redirect

Published January 16, 2023

Last update April 7, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Key dates

Disclosure timeline

January 16, 2023 CVE published

April 7, 2025 Record updated

Identifiers

CVE CVE-2022-43721

CWE CWE-601

Affected versions

Vendor Apache Software Foundation

Product Apache Superset

Affected ≥ 2.0.0 and < 2.0.1

Vendor Apache Software Foundation

Product Apache Superset

Affected ≤ 1.5.2