CVE-2021-28125

Опубликовано: 27 апр. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Ссылки

http://www.openwall.com/lists/oss-security/2021/04/27/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/04/27/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 89%

0.04916

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-pfwg-rxf4-97c3