1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Apache Superset Insecure Default Initialization of Resource Vulnerability

Known Exploited Vulnerabilities CVE-2023-27524 Mappings

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-27524 Apache Superset Insecure Default Initialization of Resource Vulnerability primary_impact T1078 Valid Accounts
Comments
This vulnerability is exploited by a remote attacker who forges a session cookie leveraging user_id or _user_id set to 1 in order to log in as an administrator. A successful exploitation could allow the adversary to gain authenticated access and gain access to unauthorized resources.
References
  1. https://www.horizon3.ai/attack-research/disclosures/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution
  2. https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html
CVE-2023-27524 Apache Superset Insecure Default Initialization of Resource Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited by a remote attacker who forges a session cookie leveraging user_id or _user_id set to 1 in order to log in as an administrator. A successful exploitation could allow the adversary to gain authenticated access and gain access to unauthorized resources.
References
  1. https://www.horizon3.ai/attack-research/disclosures/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution
  2. https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html