An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-28T16:25:43.177Z

Updated: 2024-08-02T19:23:39.566Z

Reserved: 2023-09-11T11:20:01.211Z

Link: CVE-2023-42502

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-28T17:15:07.907

Modified: 2024-11-21T08:22:40.920

Link: CVE-2023-42502

cve-icon Redhat

No data.