← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-27524 — Actively Exploited: Superset (Apache)

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

CVE IDCVE-2023-27524
VendorApache
ProductSuperset
Vulnerability nameApache Superset Insecure Default Initialization of Resource Vulnerability
Date added2024-01-08
Remediation due2024-01-29
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionApache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →