You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@superset.apache.org by Singh Arvind <pm...@gmail.com> on 2023/02/06 18:04:43 UTC

RE: CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API

Hi,

With reference to your mail on apache cumminity ,  while set-up the apache
superset on local system for company but there are coming issues after
installied  all prerquestion software  required on machine
That's why have need support from your end
Request you please send your contact details and  email so that I can
resolve this issue as on urgent basis
And you can transfer the to respective person who can resolve it at earliest
 And  also looking api to connect with third party please help out the same
Regards
Arvind Kumar

On 2023/01/16 09:19:57 Daniel Gaspar wrote:
> Severity: moderate
>
> Description:
>
> Two legacy REST API endpoints for approval and request access are
vulnerable to cross site request forgery. This issue affects Apache
Superset version 1.5.2 and prior versions and version 2.0.0.
>
> Credit:
>
> Positive Technologies (finder)
>
> References:
>
> https://superset.apache.org
> https://www.cve.org/CVERecord?id=CVE-2022-43719
>
>

Re: CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API

Posted by multazim deshmukh <mu...@gmail.com>.

Hi Arvind,

Slack is the best place to get quick help. You can join using
http://bit.ly/join-superset-slack


On Monday, February 6, 2023, Singh Arvind <pm...@gmail.com> wrote:

> Hi,
>
> With reference to your mail on apache cumminity ,  while set-up the apache
> superset on local system for company but there are coming issues after
> installied  all prerquestion software  required on machine
> That's why have need support from your end
> Request you please send your contact details and  email so that I can
> resolve this issue as on urgent basis
> And you can transfer the to respective person who can resolve it at
> earliest
>  And  also looking api to connect with third party please help out the same
> Regards
> Arvind Kumar
>
> On 2023/01/16 09:19:57 Daniel Gaspar wrote:
> > Severity: moderate
> >
> > Description:
> >
> > Two legacy REST API endpoints for approval and request access are
> vulnerable to cross site request forgery. This issue affects Apache
> Superset version 1.5.2 and prior versions and version 2.0.0.
> >
> > Credit:
> >
> > Positive Technologies (finder)
> >
> > References:
> >
> > https://superset.apache.org
> > https://www.cve.org/CVERecord?id=CVE-2022-43719
> >
> >
>


-- 
Regards
Multazim Deshmukh
https://www.linkedin.com/in/multazim-deshmukh-a5b68429/