Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-43719
CVE-2022-43719:
Python vulnerability analysis and mitigation
Overview
Apache Superset versions 1.5.2 and prior, as well as version 2.0.0, were found to contain two legacy REST API endpoints vulnerable to cross-site request forgery (CSRF). These endpoints, specifically related to approval and request access functionalities, were discovered and disclosed in January 2023 (NVD, Apache List).
Technical details
The vulnerability, identified as CVE-2022-43719, is classified as having moderate severity. It specifically affects two legacy REST API endpoints used for approval and request access functionalities in Apache Superset. The vulnerability allows potential cross-site request forgery attacks against these endpoints (MITRE CVE).
Impact
The vulnerability could potentially allow attackers to perform unauthorized actions through cross-site request forgery attacks on the affected REST API endpoints, specifically targeting the approval and request access functionalities (Security Online).
Mitigation and workarounds
The vulnerability has been patched in Apache Superset versions 1.5.3 and 2.0.1. Users are advised to upgrade to these or later versions to mitigate the risk (Security Online).
Additional resources
Source: This report was generated using AI
Related Python vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management