## Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776)

|   **Vulnerability**  | 	Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776)  |
| :----:   | :-----|
|  **Chinese name**  | 	Apache Superset Cookie 权限绕过漏洞（CVE-2023-27524） |
| **CVSS core**  | 	9.8 |
| **FOFA Query**  (click to view the results directly)| [app="APACHE-Superset"](https://en.fofa.info/result?qbase64=KHRpdGxlPSJTdXBlcnNldCIgJiYgKGJvZHk9ImFwcGJ1aWxkZXIiIHx8IGJvZHk9IjxpbWcgc3JjPVwiaHR0cHM6Ly9qb2luc3VwZXJzZXQuY29tL2ltZy9zdXBlcnNldGxvZ292ZWN0b3Iuc3ZnIikpIHx8IGJvZHk9IjxhIGhyZWY9XCJodHRwczovL21hbmFnZS5hcHAtc2R4LnByZXNldC5pb1wiIGNsYXNzPVwiYnV0dG9uXCI%2BQmFjayB0byB3b3Jrc3BhY2VzPC9hPjwvc2VjdGlvbj4iIHx8IChib2R5PSIvc3RhdGljL2Fzc2V0cy9kaXN0L2NvbW1vbi42NDRhZTdhZTk3M2IwMGFiYzE0Yi5lbnRyeS5qcyIgfHwgKGJvZHk9Ii9zdGF0aWMvYXNzZXRzL2ltYWdlcy9mYXZpY29uLnBuZyIgJiYgYm9keT0iL3N0YXRpYy9hcHBidWlsZGVyL2pzL2pxdWVyeS1sYXRlc3QuanMiKSAmJiBib2R5PSJTdXBlcnNldCIpIHx8IGhlYWRlcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCB0aXRsZT0iNTAwOiBJbnRlcm5hbCBzZXJ2ZXIgZXJyb3IgfCBTdXBlcnNldCIgfHwgdGl0bGU9IjQwNDogTm90IGZvdW5kIHwgU3VwZXJzZXQiIHx8IGJhbm5lcj0iL3N1cGVyc2V0L3dlbGNvbWUvIiB8fCBiYW5uZXI9Ii9zdXBlcnNldC9kYXNoYm9hcmQvIg%3D%3D)|
| **Number of assets affected**  | 		56089 |
| **Description**  | 	Apache Superset is an open source modern data exploration and visualization platform.Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. |
| **Impact** | 	Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state. |

![](https://s3.bmp.ovh/imgs/2023/10/10/ec147824884d3597.gif)