CVE-2023-27524

🗓️ 24 Apr 2023 15:28:16Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 434 Views🌐 WEB

CVE-2023-27524 Session Validation attacks in Apache Superset versions up to and including 2.0.1

Reporter	Title	Published	Views	Family All 48
GithubExploit	Exploit for Path Traversal in Oracle Weblogic_Server	5 Jun 202416:29	–	githubexploit
GithubExploit	Exploit for Missing Authorization in Myeventon Eventon	3 Jun 202414:21	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	25 Apr 202304:59	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	27 Apr 202307:31	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	4 May 202321:43	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	4 May 202321:43	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Phpmyfaq	11 May 202412:29	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	11 May 202412:29	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	27 Apr 202307:31	–	githubexploit
GithubExploit	Exploit for Insecure Default Initialization of Resource in Apache Superset	8 Sep 202306:15	–	githubexploit

NVD

Vulners

Node

apache supersetRange≤2.0.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Superset",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
lists	www.lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
openwall	www.openwall.com/lists/oss-security/2023/04/24/2
packetstormsecurity	www.packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
username	path	login	Login flow vulnerable to forged cookies due to default SECRET_KEY allowing session tampering.	CWE-1188
password	path	login	Login flow vulnerable to forged cookies due to default SECRET_KEY allowing session tampering.	CWE-1188
csrf_token	path	login	Login flow vulnerable to forged cookies due to default SECRET_KEY allowing session tampering.	CWE-1188
session	header	api/v1/me/	Validated forged session cookie can access user context information via me endpoint.	CWE-1188
database	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188
host	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188
port	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188
username	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188
password	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188
backend	path	api/v1/database/{i}	Enumeration of databases and credentials after forging a valid session cookie.	CWE-1188

17 Jun 2026 05:45Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.9 - 9.8

EPSS0.97405

SSVC