Severity
Medium
Analysis Summary
CVE-2023-42502 CVSS:4.8
Apache Superset could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the HTTP Host header. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVE-2023-42504 CVSS:5.8
Apache Superset is vulnerable to a denial of service, caused by the lack of rate limiting. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-42505 CVSS:4.3
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain username information, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-42502
- CVE-2023-42504
- CVE-2023-42505
Affected Vendors
Apache
Affected Products
- Apache Superset 2.1.1
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.