CVE-2023-27524 - Apache Superset Insecure Default Initialization of Resource Vulnerability
Project:Apache
Product:Superset
Date Added:2024-01-08Due Date:2024-01-29
Vulnerability Name
Apache Superset Insecure Default Initialization of Resource Vulnerability
Description
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
https://nvd.nist.gov/vuln/detail/CVE-2023-27524