logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-27524

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-27524

Description:
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
Last updated date:
01/21/2024

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
01/08/2024
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:
exploit
Confidence:
HIGH
Date of publishing:
04/25/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
04/27/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
04/27/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/04/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/04/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/08/2023
Reference url to background

https://github.com/TardC/CVE-2023-27524

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/08/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
09/12/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
10/10/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/21/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/21/2024
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy