{"uuid": "6cbb5952-a196-49af-a3ce-7af7206d1fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3315", "content": "CVE-2023-27524: Apache Superset Auth Bypass\n\n\n\ud83d\udca5 Script to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.\n\nThe --validate flag can be used to validate exploitability by enumerating databases using the Superset API.\n\nrequirements:\n\nflask-unsign==1.2.0\nrequests==2.26.0\nUsage:\n\nCVE-2023-27524.py [-h] --url URL [--id ID] [--validate] [--timeout TIMEOUT]\n\nDownload: https://system32.ink/news-feed/p/308/", "creation_timestamp": "2023-04-25T13:58:22.000000Z"}