CVE-2022-43720

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l	Mailing List Vendor Advisory
https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:superset::::::::
	cpe:2.3:a:apache:superset:2.0.0:-::::::
	cpe:2.3:a:apache:superset:2.0.0:rc1::::::
	cpe:2.3:a:apache:superset:2.0.0:rc2::::::

History

21 Nov 2024, 07:27

Type	Values Removed	Values Added
Summary		(es) Un atacante autenticado con permisos de escritura de plantillas CSS puede crear un registro con etiquetas HTML específicas que no se escaparán correctamente en el mensaje del sistema que se muestra cuando un usuario elimina ese registro de plantilla CSS específico. Este problema afecta a Apache Superset versión 1.5.2 y versiones anteriores y a la versión 2.0.0.
References	~~() https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l - Mailing List, Vendor Advisory~~	() https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l - Mailing List, Vendor Advisory

Information

Published : 2023-01-16 11:15

Updated : 2025-04-07 15:15

NVD link : CVE-2022-43720

Mitre link : CVE-2022-43720

CVE.ORG link : CVE-2022-43720

JSON object : View

Products Affected

apache

superset

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

NVD-CWE-Other

{"id": "CVE-2022-43720", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2023-01-16T11:15:10.587", "references": [{"url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-74"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n"}, {"lang": "es", "value": "Un atacante autenticado con permisos de escritura de plantillas CSS puede crear un registro con etiquetas HTML espec\u00edficas que no se escapar\u00e1n correctamente en el mensaje del sistema que se muestra cuando un usuario elimina ese registro de plantilla CSS espec\u00edfico. Este problema afecta a Apache Superset versi\u00f3n 1.5.2 y versiones anteriores y a la versi\u00f3n 2.0.0."}], "lastModified": "2025-04-07T15:15:41.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD514249-ED9E-45F1-9D50-4A7CE6DB166B", "versionEndIncluding": "1.5.2"}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35CD3C6F-B3E0-437C-A1D7-EF700C76923C"}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6"}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC060A49-79ED-4539-9E68-EDB15D7F2445"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}