CVE-2022-43719

HIGH8.8EPSS 1.5%

Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API

Published: 1/16/2023Modified: 11/6/2025

Description

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected packages (2)

Bitnami/supersetfrom 0, < 1.5.3, >= 2.0.0, < 2.0.1
PyPI/apache-supersetfrom 0, <= 1.5.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43719
PATCHhttps://github.com/apache/superset
WEBhttps://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0