- POC for CVE-2023-27524: Apache Superset Auth Bypass Vulnerability.
- create by antx at 2023-04-27.
- Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
- attackComplexity: HIGH
- attackVector: NETWORK
- availabilityImpact: LOW
- confidentialityImpact: HIGH
- integrityImpact: HIGH
- privilegesRequired: NONE
- scope: CHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 8.9
- baseSeverity: HIGH
- Apache Superset
- <= 2.0.1
- Ref-Source
- CVE
- NVD
- Ref-Poc-Engine