Apache Superset versions prior to 2.1.0 use a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate as an administrator.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27524
github.com/apache/superset/commit/412189fcb73268ddd4829d2fdb8381c5e47595ce
lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk