Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114250
HistoryApr 12, 2024 - 12:00 a.m.

Apache Superset < 2.1.0 Hardcoded Secret Key

2024-04-1200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
apache superset
version 2.1.0
hardcoded secret key
source data
scanner

7.3 High

AI Score

Confidence

Low

Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as administrator.

No source data
VendorProductVersionCPE
apachesuperset*cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*

7.3 High

AI Score

Confidence

Low