CVE-2023-43701

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892	Mailing List
https://www.openwall.com/lists/oss-security/2023/11/27/4	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

History

01 Dec 2023, 19:10

Type	Values Removed	Values Added
First Time		Apache Apache superset
CPE		cpe:2.3:a:apache:superset::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
References	~~() https://www.openwall.com/lists/oss-security/2023/11/27/4 -~~	() https://www.openwall.com/lists/oss-security/2023/11/27/4 - Mailing List
References	~~() https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892 -~~	() https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892 - Mailing List

27 Nov 2023, 15:15

Type	Values Removed	Values Added
References	~~{'url': 'http://www.openwall.com/lists/oss-security/2023/11/27/4', 'name': 'http://www.openwall.com/lists/oss-security/2023/11/27/4', 'tags': [], 'refsource': ''}~~	() https://www.openwall.com/lists/oss-security/2023/11/27/4 -

27 Nov 2023, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-27 11:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-43701

Mitre link : CVE-2023-43701

CVE.ORG link : CVE-2023-43701

JSON object : View

Products Affected

apache

superset

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-43701", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-11-27T11:15:07.950", "references": [{"url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2023/11/27/4", "tags": ["Mailing List"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint.\u00a0This issue affects Apache Superset versions prior to 2.1.2.\u00a0\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue."}, {"lang": "es", "value": "Una validaci\u00f3n de payload inadecuado y un tipo de respuesta de API REST inadecuado hicieron posible que un actor malicioso autenticado almacenara c\u00f3digo malicioso en los metadatos de Chart; este c\u00f3digo podr\u00eda ejecutarse si un usuario accede espec\u00edficamente a un endpoint de API obsoleto espec\u00edfico. Este problema afecta a las versiones de Apache Superset anteriores a la 2.1.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.2, que soluciona este problema."}], "lastModified": "2023-12-01T19:10:49.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15732220-B366-4C92-A7D6-8C5DF4C9CA20", "versionEndExcluding": "2.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}