支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2023-27524 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
不安全的默认资源初始化
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Apache Superset 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Apache Superset是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。 Apache Superset 2.0.1版本及之前版本存在安全漏洞。攻击者利用该漏洞验证和访问未经授权的资源。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
Apache Software FoundationApache Superset 0 ~ 2.0.1 -
二、漏洞 CVE-2023-27524 的公开POC
#POC 描述源链接神龙链接
1Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Supersethttps://github.com/horizon3ai/CVE-2023-27524POC详情
2Apahce-Superset身份认证绕过漏洞(CVE-2023-27524)检测工具https://github.com/Okaytc/Superset_auth_bypass_checkPOC详情
3Apache Superset Auth Bypass Vulnerability CVE-2023-27524.https://github.com/antx-code/CVE-2023-27524POC详情
4A POC for the all new CVE-2023-27524 which allows for authentication bypass and gaining access to the admin dashboard.https://github.com/MaanVader/CVE-2023-27524-POCPOC详情
5Perform With Apache-SuperSet Leaked Token [CSRF]https://github.com/ThatNotEasy/CVE-2023-27524POC详情
6Nonehttps://github.com/TardC/CVE-2023-27524POC详情
7CVE-2023-27524https://github.com/necroteddy/CVE-2023-27524POC详情
8Nonehttps://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCEPOC详情
9Apache Superset 默认SECRET_KEY 漏洞(CVE-2023-27524)https://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-POC详情
10CVE-2023-27524https://github.com/NguyenCongHaiNam/Research-CVE-2023-27524POC详情
11Tool for finding CVE-2023-27524 (Apache Superset - Authentication Bypass)https://github.com/karthi-the-hacker/CVE-2023-27524POC详情
12Tool for finding CVE-2023-27524 (Apache Superset - Authentication Bypass)https://github.com/Cappricio-Securities/CVE-2023-27524POC详情
13Apache Superset Auth Bypass Vulnerability CVE-2023-27524.https://github.com/ZZ-SOCMAP/CVE-2023-27524POC详情
14CVE-2023-27524https://github.com/h1n4mx0/Research-CVE-2023-27524POC详情
15Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27524.yamlPOC详情
16Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Apache%20Superset%20%E7%A1%AC%E7%BC%96%E7%A0%81%20JWT%20%E5%AF%86%E9%92%A5%E5%AF%BC%E8%87%B4%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2023-27524.mdPOC详情
17https://github.com/vulhub/vulhub/blob/master/superset/CVE-2023-27524/README.mdPOC详情
18Apache Superset Auth Bypass (CVE-2023-27524)https://github.com/tardc/CVE-2023-27524POC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2023-27524 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2023-27524 的评论

暂无评论

发表评论