Exploit for #VU85166 Insecure default initialization of resource in Apache Superset

Published: 2024-01-09 | Updated: 2024-12-19

Vulnerability identifier: #VU85166

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2023-27524

CWE-ID: CWE-1188

Exploitation vector: Network

Exploits in database: 9

December 19, 2024
- CVE-2023-27524 (Apache Superset - Authentication Bypass) [Github]
November 22, 2024
- CVE-2023-27524 (Apache Superset Auth Bypass (CVE-2023-27524)) [Github]
October 25, 2024
- Apache Superset 2.0.0 - Authentication Bypass [Exploit-DB]
September 20, 2024
- CVE-2023-27524 (Apache Superset Auth Bypass Vulnerability CVE-2023-27524.) [Github]
August 16, 2024
- CVE-2023-27524 (Perform With Apache-SuperSet Leaked Token [CSRF]) [Github]
June 7, 2024
- CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE () [Github]
March 13, 2024
- CVE-2023-27524 (Basic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset) [Github]
January 9, 2024
- Apache Superset Signed Cookie RCE [Metasploit]
- Apache Superset Signed Cookie Priv Esc [Metasploit]

Vulnerable software:
Apache Superset
Web applications / Other software

Vendor: Apache Foundation