CVE-2023-27524 - Vulnerability Details - OpenCVE

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Jan. 8, 2024.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apache	Superset

Configuration 1 [-]

cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
https://www.openwall.com/lists/oss-security/2023/04/24/2

History

Mon, 03 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-01-08'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-04-24T15:28:16.573Z

Updated: 2025-02-03T16:40:05.497Z

Reserved: 2023-03-02T13:28:19.726Z

Link: CVE-2023-27524

Vulnrichment

Updated: 2024-08-02T12:16:35.472Z

NVD

Status : Modified

Published: 2023-04-24T16:15:07.843

Modified: 2024-11-21T07:53:05.773

Link: CVE-2023-27524

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27524", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-03-02T13:28:19.726Z", "datePublished": "2023-04-24T15:28:16.573Z", "dateUpdated": "2025-02-03T16:40:05.497Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Superset", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.0.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Naveen Sunkavally (Horizon3.ai)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.<br><br>All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.<br>Add a strong SECRET_KEY to your `superset_config.py` file like:<br><br>SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY><br><br>Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.<br>"}], "value": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-04-08T09:07:31.645Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/24/2"}, {"url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"}, {"url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Superset: Session validation vulnerability when using provided default SECRET_KEY", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:35.472Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/24/2", "tags": ["x_transferred"]}, {"url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", "tags": ["x_transferred"]}, {"url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27524", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-03T16:30:35.297888Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27524"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T16:40:05.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/24/2", "tags": ["x_transferred"]}, {"url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", "tags": ["x_transferred"]}, {"url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:35.472Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27524", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-03T16:30:35.297888Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-01-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27524"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T16:31:26.187Z"}}], "cna": {"title": "Apache Superset: Session validation vulnerability when using provided default SECRET_KEY", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Naveen Sunkavally (Horizon3.ai)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Superset", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", "tags": ["vendor-advisory"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/24/2"}, {"url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"}, {"url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.\n", "supportingMedia": [{"type": "text/html", "value": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.<br><br>All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.<br>Add a strong SECRET_KEY to your `superset_config.py` file like:<br><br>SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY><br><br>Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-04-08T09:07:31.645Z"}}}, "cveMetadata": {"cveId": "CVE-2023-27524", "state": "PUBLISHED", "dateUpdated": "2025-02-03T16:40:05.497Z", "dateReserved": "2023-03-02T13:28:19.726Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-04-24T15:28:16.573Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-01-29", "cisaExploitAdd": "2024-01-08", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apache Superset Insecure Default Initialization of Resource Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E98F0D-B484-4FA4-8273-074A75ED3227", "versionEndIncluding": "2.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.\n"}], "id": "CVE-2023-27524", "lastModified": "2024-11-21T07:53:05.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "security@apache.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-24T16:15:07.843", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/04/24/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/04/24/2"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}]}