Article Directory
foreword
An unauthorized access vulnerability exists in Apache Superset that could allow an attacker to authenticate and access unauthorized resources.
statement
This article is only used for vulnerability reproduction and technical research. Please do not use the relevant technologies in the article to engage in illegal testing. All adverse consequences have nothing to do with the author of the article. This article is for educational purposes only! ! !
1. Introduction to Apache Superset
Apache Superset is a data visualization and data exploration platform of the Apache Foundation.
Apache Superset 2.0.1 and earlier versions have a security vulnerability that could allow an attacker to authenticate and access unauthorized resources.
CVE ID: CVE-2023-27524 CNNVD ID: CNNVD-202304-1915
2. Scope of influence
Apache Superset 2.0.1
version and之前版本
3. Vulnerability recurrence
FOFA:" Apache Superset"
Vulnerability exploit tool download: https://github.com/horizon3ai/CVE-2023-27524
Download the software: Then execute the following command, -u followed by the address you want to detect.
local executionpip3 install -r requirements.txt
命令:python3 CVE-2023-27524.py -u https://X.X.X.X/ --validate
After executing the command, if there is a vulnerability, a cookie value will be displayed
and then access the URL address of the vulnerability, Burp intercepts the data packet, replaces the above cookie value, and then releases the packet
Successfully log in to the Apache Superset management background, where you can execute some sql statements and other operations (prove that there is harm, do not execute sql statements to tamper with data)
4. Suggestions for rectification
At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk