apache_superset is vulnerable to authentication bypass. The vulnerability is due to a default secret key, which allows an attacker to authenticate and access unauthorized resources when the default SECRET_KEY configuration
is not altered according to the installation instructions.
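
A deployment check for the condition described above, as an added example that is not from the advisory or the Superset project: it parses a Python config file (assumed to be the deployment's superset_config.py override) without executing it and classifies its SECRET_KEY. The deny-list entry is a constructed placeholder, and the function name, status labels, the APP_SECRET_KEY variable and the 32-character minimum are assumptions of this example.

```python
import ast

# Constructed placeholder standing in for the default keys shipped with the
# installed release; fill this set from that release's own config files.
KNOWN_DEFAULT_KEYS = {"<DEFAULT_SECRET_KEY_FROM_SHIPPED_CONFIG>"}
MIN_KEY_LENGTH = 32  # assumption: minimum acceptable length for a literal key


def audit_secret_key(config_source, known_defaults=KNOWN_DEFAULT_KEYS):
    """Classify SECRET_KEY in a Python config file without executing the file."""
    value_node = None
    for node in ast.parse(config_source).body:  # top-level statements only
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in targets):
            value_node = node.value  # a later assignment overrides an earlier one
    if value_node is None:
        return "MISSING"  # nothing overrides the key, so the shipped default applies
    is_literal = isinstance(value_node, ast.Constant) and isinstance(value_node.value, (str, bytes))
    if not is_literal:
        return "DYNAMIC"  # env lookup or call: the value must be checked at runtime
    key = value_node.value
    if isinstance(key, bytes):
        key = key.decode("latin-1")
    if key in known_defaults:
        return "DEFAULT"  # the condition this advisory describes
    if len(key) < MIN_KEY_LENGTH:
        return "WEAK"
    return "OK"


# Constructed config snippets, one per outcome.
SAMPLES = {
    "unset": "ROW_LIMIT = 5000\n",
    "default": 'SECRET_KEY = "<DEFAULT_SECRET_KEY_FROM_SHIPPED_CONFIG>"\n',
    "short": 'SECRET_KEY = "hunter2"\n',
    "env": 'import os\nSECRET_KEY = os.environ["APP_SECRET_KEY"]\n',  # hypothetical variable
    "good": 'SECRET_KEY = "' + "k9" * 24 + '"\n',
}

if __name__ == "__main__":
    for name, source in SAMPLES.items():
        print(f"{name:8} -> {audit_secret_key(source)}")
```

MISSING and DEFAULT both mean the instance is signing with a key that is not private to the deployment; DYNAMIC only says the file defers to something the check cannot see.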
packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
www.openwall.com/lists/oss-security/2023/04/24/2
github.com/advisories/GHSA-5cx2-vq3h-x52c
github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03
github.com/apache/superset/pull/23186
lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk