Podatność CVE-2023-27524
Publikacja: 2023-04-24

Opis:
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Apache Superset 2.0.0 Remote Code Execution
h00die
14.10.2023

Typ:

CWE-1188

 Referencje:
https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
Copyright 2024, cxsecurity.com

 

Back to Top