An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-11-28T16:25:43.177Z
Updated: 2024-08-02T19:23:39.566Z
Reserved: 2023-09-11T11:20:01.211Z
Link: CVE-2023-42502
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-28T17:15:07.907
Modified: 2024-11-21T08:22:40.920
Link: CVE-2023-42502
Redhat
No data.