{"uuid": "9b335852-b1cf-4045-86be-3147d21b6e10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/KomunitiSiber/110", "content": "Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks\nhttps://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html\n\nThe maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.\nThe vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access", "creation_timestamp": "2023-04-26T13:36:44.000000Z"}