CVE-2023-27524 - Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache | Superset
- Date Added: 2024-01-08
- Due Date: 2024-01-29
- Vulnerability Name: Apache Superset Insecure Default Initialization of Resource Vulnerability
- Description: Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
- Known To Be Used in Ransomware Campaigns? Unknown
- Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes: https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk; https://nvd.nist.gov/vuln/detail/CVE-2023-27524