5 matches found
CVE-2023-37941
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...
Metasploit Weekly Wrap-Up
That Privilege Escalation Escalated Quickly This release features a module leveraging CVE-2023-22515, a vulnerability in Atlassian’s on-premises Confluence Server first listed as a privilege escalation, but quickly recategorized as a “broken access control” with a CVSS score of 10. The exploit...
Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update version 2.1.1 plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions...
CVE-2023-37941
creationtimestamp| type| source ---|---|--- 2023-09-07 11:01:26+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8984 2023-09-07 13:31:34+00:00| seen| https://t.me/thehackernews/3838 2023-09-07 13:42:21+00:00| published-proof-of-concept|...
CVE-2023-37941
CVE-2023-37941 affects Apache Superset where an attacker with write access to the metadata database can persist a crafted Python object to achieve remote code execution on the web backend. The vulnerability hinges on the metadata DB, an internal component, being accessible with significant privil...