Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-27524

Disclosure Date: April 24, 2023 •

CVE-2023-27524 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by inokii and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

auxiliary/gather/apache_superset_cookie_sig_priv_esc

exploit/linux/http/apache_superset_cookie_sig_rce

Description

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.

All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your superset_config.py file like:

SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>

Alternatively you can set it with SUPERSET_SECRET_KEY environment variable.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apache

Products

superset

Metasploit Modules

auxiliary/gather/apache_superset_cookie_sig_priv_esc (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb)

exploit/linux/http/apache_superset_cookie_sig_rce (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb)

Exploited in the Wild

Reported by:

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog)

Reported: January 17, 2024 5:36am UTC (10 months ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:20am UTC (2 weeks ago)

References

Canonical

CVE-2023-27524 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27524)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2023-27524 (https://github.com/antx-code/CVE-2023-27524) (Added by AKB Worker)

CVE-2023-27524 (https://github.com/Pari-Malam/CVE-2023-27524) (Added by AKB Worker)

CVE-2023-27524 (https://github.com/horizon3ai/CVE-2023-27524) (Added by AKB Worker)