Share
## https://sploitus.com/exploit?id=C64CA562-E820-5528-AA3B-97F82E7C8D56
* CVE-2023-27524
--------
** Description
    - POC for CVE-2023-27524: Apache Superset Auth Bypass Vulnerability.
    - create by antx at 2023-04-27.
--------
** Detail
    - Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
--------
** CVE Severity
    - attackComplexity: HIGH
    - attackVector: NETWORK
    - availabilityImpact: LOW
    - confidentialityImpact: HIGH
    - integrityImpact: HIGH
    - privilegesRequired: NONE
    - scope: CHANGED
    - userInteraction: NONE
    - version: 3.1
    - baseScore: 8.9
    - baseSeverity: HIGH
--------
** Affect
    - Apache Superset
        - <= 2.0.1
--------
** POC
    - [[./CVE-2023-27524.py][Poc]]
--------
** Patch
    - [[https://github.com/apache/superset/releases][vendor patch]]
--------
** Reference
    - Ref-Source
        - [[https://twitter.com/momika233/status/1651276901821067265]]
        - [[https://github.com/projectdiscovery/nuclei-templates/pull/7125/commits/9e38e8cffb068786bb87d5629cb468960968ff81][Create CVE-2023-27524.yaml #7125]]
    - CVE
        - [[https://vulners.com/cve/CVE-2023-27524][CVE-2023-27524]]
    - NVD
        - [[https://nvd.nist.gov/vuln/detail/CVE-2023-27524][CVE-2023-27524]]
    - Ref-Poc-Engine
        - [[https://github.com/antx-code/pocx][pocx]]