Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_114250HistoryApr 12, 2024 - 12:00 a.m.
Apache Superset < 2.1.0 Hardcoded Secret Key
2024-04-1200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
apache superset
version 2.1.0
hardcoded secret key
source data
scanner
7.3 High
AI Score
Confidence
Low
Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as administrator.
No source data7.3 High
AI Score
Confidence
Low