Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2023-27524 | Apache Superset Insecure Default Initialization of Resource Vulnerability | primary_impact | T1078 | Valid Accounts | This vulnerability is exploited by a remote attacker who forges a session cookie with user_id or _user_id set to 1 to log in as an administrator. Successful exploitation could allow the adversary to gain authenticated access and reach unauthorized resources. |
CVE-2023-27524 | Apache Superset Insecure Default Initialization of Resource Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | This vulnerability is exploited by a remote attacker who forges a session cookie with user_id or _user_id set to 1 to log in as an administrator. Successful exploitation could allow the adversary to gain authenticated access and reach unauthorized resources. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
CVE-2023-27524 | Apache Superset Insecure Default Initialization of Resource Vulnerability | 2 |