CVE-2023-27524 (CISA KEV: Actively Exploited)

Apache Superset Insecure Default Initialization of Resource Vulnerability

Published Jan 8, 2024 · Updated Jan 8, 2024

Description

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

Public Exploits & PoCs (10 found)

PoC: CVE-2023-27524

Apache Superset Auth Bypass (CVE-2023-27524)

12

PoC: CVE-2023-27524

Apache Superset Auth Bypass Vulnerability CVE-2023-27524.

2

PoC: CVE-2023-27524

Perform With Apache-SuperSet Leaked Token [CSRF]

1

PoC: CVE-2023-27524

Tool for finding CVE-2023-27524 (Apache Superset - Authentication Bypass)

PoC: Research-CVE-2023-27524

CVE-2023-27524

PoC: Apache-Superset-SECRET_KEY-CVE-2023-27524-

Apache Superset default SECRET_KEY vulnerability (CVE-2023-27524)

PoC: CVE-2023-27524

CVE-2023-27524

PoC: CVE-2023-27524-POC

A POC for the all new CVE-2023-27524 which allows for authentication bypass and gaining access to the admin dashboard.

PoC: Superset_auth_bypass_check

Apache-Superset authentication bypass vulnerability (CVE-2023-27524) detection tool

PoC: CVE-2023-27524

Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset
