CVE-2023-27526 – Apache Superset: Improper Authorization check on import charts
https://notcve.org/view.php?id=CVE-2023-27526
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. Un usuario no autenticado como administrador podría crear recursos incorrectamente utilizando la función de importación de gráficos, en Apache Superset hasta la versión 2.1.0 incluida. • https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv • CWE-863: Incorrect Authorization •
CVE-2023-36387 – Apache Superset: Improper API permission for low privilege users
https://notcve.org/view.php?id=CVE-2023-36387
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. Un permiso de API REST predeterminado incorrecto para los usuarios de Gamma en Apache Superset hasta la versión 2.1.0 incluida permite que un usuario de Gamma autenticado pruebe las conexiones de la base de datos. • https://github.com/apache/superset/pull/24185 https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3 • CWE-863: Incorrect Authorization •
CVE-2023-27524 – Apache Superset Insecure Default Initialization of Resource Vulnerability
https://notcve.org/view.php?id=CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable. Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. • https://www.exploit-db.com/exploits/51447 https://github.com/horizon3ai/CVE-2023-27524 https://github.com/MaanVader/CVE-2023-27524-POC https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE https://github.com/ThatNotEasy/CVE-2023-27524 https://github.com/antx-code/CVE-2023-27524 https://github.com/TardC/CVE-2023-27524 https://github.com/necroteddy/CVE-2023-27524 https://github.com/NguyenCongHaiNam/Research-CVE-2023-27524 https://github.com/Cappricio • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2023-25504 – Apache Superset: Possible SSRF on import datasets
https://notcve.org/view.php?id=CVE-2023-25504
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1. • http://www.openwall.com/lists/oss-security/2023/04/18/8 https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-27525 – Apache Superset: Incorrect default permissions for Gamma role
https://notcve.org/view.php?id=CVE-2023-27525
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1 • https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77 • CWE-863: Incorrect Authorization •