cve/2023/CVE-2023-27524.md

### [CVE-2023-27524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27524)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Superset&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.0.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)

### Description

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.Add a strong SECRET_KEY to your `superset_config.py` file like:SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

### POC

#### Reference
- http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
- http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
- https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
- https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/20142995/sectool
- https://github.com/Awrrays/FrameVul
- https://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/MaanVader/CVE-2023-27524-POC
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NguyenCongHaiNam/Research-CVE-2023-27524
- https://github.com/Okaytc/Superset_auth_bypass_check
- https://github.com/Ostorlab/KEV
- https://github.com/Pari-Malam/CVE-2023-27524
- https://github.com/TardC/CVE-2023-27524
- https://github.com/ThatNotEasy/CVE-2023-27524
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/XRSec/AWVS-Update
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/aleksey-vi/offzone_2023
- https://github.com/aleksey-vi/presentation-report
- https://github.com/antx-code/CVE-2023-27524
- https://github.com/d-rn/vulBox
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/gobysec/Research
- https://github.com/hktalent/TOP
- https://github.com/horizon3ai/CVE-2023-27524
- https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE
- https://github.com/karthi-the-hacker/CVE-2023-27524
- https://github.com/kovatechy/Cappricio
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/machevalia/ButProxied
- https://github.com/necroteddy/CVE-2023-27524
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nvn1729/advisories
- https://github.com/summerainX/vul_poc
- https://github.com/todb-cisa/kev-cwes
- https://github.com/togacoder/superset_study
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-27524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27524)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Superset&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.0.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)`

			`### Description`

Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.Add a strong SECRET_KEY to your `superset_config.py` file like:SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html`
			`- http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html`
			`- https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/0day404/vulnerability-poc`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/20142995/sectool`
			`- https://github.com/Awrrays/FrameVul`
			`- https://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/KayCHENvip/vulnerability-poc`
			`- https://github.com/MaanVader/CVE-2023-27524-POC`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/NguyenCongHaiNam/Research-CVE-2023-27524`
			`- https://github.com/Okaytc/Superset_auth_bypass_check`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Pari-Malam/CVE-2023-27524`
			`- https://github.com/TardC/CVE-2023-27524`
			`- https://github.com/ThatNotEasy/CVE-2023-27524`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Threekiii/CVE`
			`- https://github.com/XRSec/AWVS-Update`
			`- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android`
			`- https://github.com/aleksey-vi/offzone_2023`
			`- https://github.com/aleksey-vi/presentation-report`
			`- https://github.com/antx-code/CVE-2023-27524`
			`- https://github.com/d-rn/vulBox`
			`- https://github.com/d4n-sec/d4n-sec.github.io`
			`- https://github.com/gobysec/Research`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/horizon3ai/CVE-2023-27524`
			`- https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE`
Update CVE sources 2024-06-10 07:22 2024-06-10 07:22:43 +00:00			`- https://github.com/karthi-the-hacker/CVE-2023-27524`
			`- https://github.com/kovatechy/Cappricio`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/machevalia/ButProxied`
			`- https://github.com/necroteddy/CVE-2023-27524`
			`- https://github.com/netlas-io/netlas-dorks`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/nvn1729/advisories`
			`- https://github.com/summerainX/vul_poc`
			`- https://github.com/todb-cisa/kev-cwes`
			`- https://github.com/togacoder/superset_study`