Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE - The Hacker News - 04-26-2023

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.

The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html
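
A defender-side check for the condition described above, as an added example that is not part of the original post or of Superset's own code: it parses a Python config file (assumed to be an override file such as superset_config.py) and reports whether SECRET_KEY is left unset, matches a caller-supplied list of known defaults, or is short. The sample configs, the placeholder key value, the SUPERSET_SECRET_KEY variable name and the 32-character threshold are assumptions made for the example.

```python
import ast

MIN_KEY_LENGTH = 32  # assumed policy threshold, not a Superset requirement


def audit_secret_key(config_source, known_defaults=()):
    """Return a list of findings about SECRET_KEY in a config file's source text."""
    tree = ast.parse(config_source)  # parsed only, never executed
    assigned = None
    for node in tree.body:  # module-level assignments; the last one wins
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets):
            assigned = value
    if assigned is None:
        # Assumption: with no override, the application's built-in default applies.
        return ["SECRET_KEY not set: the shipped default stays in effect"]
    if not (isinstance(assigned, ast.Constant)
            and isinstance(assigned.value, (str, bytes))):
        # Computed value, e.g. read from the environment: audit it at its source.
        return []
    key = assigned.value
    findings = []
    if key in known_defaults:
        findings.append("SECRET_KEY matches a known default value")
    if len(key) < MIN_KEY_LENGTH:
        findings.append(f"SECRET_KEY is shorter than {MIN_KEY_LENGTH} characters")
    return findings


# Constructed sample configs; the key value is a placeholder, not a real default.
PLACEHOLDER_DEFAULTS = {"EXAMPLE_SHIPPED_DEFAULT"}
SAMPLE_DEFAULT = 'ROW_LIMIT = 5000\nSECRET_KEY = "EXAMPLE_SHIPPED_DEFAULT"\n'
SAMPLE_MISSING = "ROW_LIMIT = 5000\n"
SAMPLE_ENV = 'import os\nSECRET_KEY = os.environ["SUPERSET_SECRET_KEY"]\n'

if __name__ == "__main__":
    for name, src in [("default", SAMPLE_DEFAULT), ("missing", SAMPLE_MISSING),
                      ("env", SAMPLE_ENV)]:
        print(name, audit_secret_key(src, PLACEHOLDER_DEFAULTS))
```

Populate `known_defaults` from the vendor advisory for the version in use; an empty result for an environment-sourced key only means the file itself holds no literal to check.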