## Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)

| **Vulnerability** | **Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)** |
| :----: | :-----|
| **Chinese name** | Apache Superset 权限绕过漏洞(CVE-2023-27524) |
| **CVSS score** | 8.9 |
| **FOFA Query** | (title="Superset" && (body="appbuilder" \|\| body="\Back to workspaces\\" \|\| (body="/static/assets/dist/common.644ae7ae973b00abc14b.entry.js" \|\| (body="/static/assets/images/favicon.png" && body="/static/appbuilder/js/jquery-latest.js") && body="Superset") \|\| header="/superset/welcome/" \|\| title="500: Internal server error \| Superset" \|\| title="404: Not found \| Superset" \|\| banner="/superset/welcome/" \|\| banner="/superset/dashboard/" |
| **Number of assets affected** | 43325 |
| **Description** | Apache Superset is a data visualization and data exploration platform of the Apache Foundation. Apache Superset versions 2.0.1 and earlier have a security vulnerability. Attackers can exploit this vulnerability to authenticate and access unauthorized resources. |
| **Impact** | Attackers can exploit this vulnerability to authenticate and access unauthorized resources. |

![](https://s3.bmp.ovh/imgs/2023/05/22/46c693629791a204.gif)