CVE-2022-43720 - OpenCVE

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Superset

Configuration 1 [-]

OR	cpe:2.3:a:apache:superset::::::::
	cpe:2.3:a:apache:superset:2.0.0:-::::::
	cpe:2.3:a:apache:superset:2.0.0:rc1::::::
	cpe:2.3:a:apache:superset:2.0.0:rc2::::::

No data.

References

Link	Providers
https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-16T10:10:41.565Z

Updated: 2024-08-03T13:40:06.549Z

Reserved: 2022-10-24T10:13:23.347Z

Link: CVE-2022-43720

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-16T11:15:10.587

Modified: 2023-11-07T03:54:02.283

Link: CVE-2022-43720

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43720", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-10-24T10:13:23.347Z", "datePublished": "2023-01-16T10:10:41.565Z", "dateUpdated": "2024-08-03T13:40:06.549Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Superset", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.0.1", "status": "affected", "version": "2.0.0", "versionType": "semver"}, {"lessThanOrEqual": "1.5.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anton Vaychikauskas (Positive Technologies)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. <span style=\"background-color: rgb(255, 255, 255);\">This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.</span><br>"}], "value": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-02-02T10:16:30.809Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Superset: Improper rendering of user input", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.549Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD514249-ED9E-45F1-9D50-4A7CE6DB166B", "versionEndIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "35CD3C6F-B3E0-437C-A1D7-EF700C76923C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BC060A49-79ED-4539-9E68-EDB15D7F2445", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record.\u00a0This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n"}, {"lang": "es", "value": "Un atacante autenticado con permisos de escritura de plantillas CSS puede crear un registro con etiquetas HTML espec\u00edficas que no se escapar\u00e1n correctamente en el mensaje del sistema que se muestra cuando un usuario elimina ese registro de plantilla CSS espec\u00edfico. Este problema afecta a Apache Superset versi\u00f3n 1.5.2 y versiones anteriores y a la versi\u00f3n 2.0.0."}], "id": "CVE-2022-43720", "lastModified": "2023-11-07T03:54:02.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-16T11:15:10.587", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security@apache.org", "type": "Secondary"}]}