Apache Superset unauthorized access vulnerability (CVE-2023-27524): detailed exploitation process
Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.
1. Introduction to Apache Superset
This article was first published on the Nanfeng Vulnerability Reproduction Library official account
Apache Superset is a data visualization and data exploration platform of the Apache Foundation.
2. Vulnerability description
Apache Superset 2.0.1 and earlier versions contain a security vulnerability. An attacker could exploit this vulnerability to authenticate and access unauthorized resources.
CVE ID: CVE-2023-27524
CNNVD ID: CNNVD-202304-1915
CNVD ID:
3. Affected versions
Apache Superset 2.0.1 and earlier
4. FOFA query statement
"Apache Superset"
5. Vulnerability reproduction
Vulnerability exploitation tool: https://github.com/horizon3ai/CVE-2023-27524
Download the software:
Then run the following command; -u is followed by the address you want to check.
python3 CVE-2023-27524.py -u http://127.0.0.1/ --validate
If the instance is vulnerable, the tool outputs a cookie value here.
Then visit the vulnerable URL, use Burp Suite to intercept the request, and replace the cookie with the value output above.
After the replacement, forward the request; you are now logged in to the Apache Superset management backend.
6. POC & EXP
If GitHub cannot be opened, you can obtain the exploit program by following the official account Nanfeng Vulnerability Reproduction Library and replying "Vulnerability Reproduction 29" to get the download address of the POC tool:
7. Remediation
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
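A defender-side check to run alongside the upgrade, as an added example that is not part of the original article or of the Superset project: the CVE description ties this issue to installations that kept a default SECRET_KEY, so the script flags both an affected version and a placeholder key in a superset_config.py. The function names, the placeholder list (not exhaustive), the 32-character threshold and the sample config are assumptions made for this example.

```python
import ast
import re

# Placeholder SECRET_KEY values found in Superset's shipped config, docs and
# deployment templates (assumption: not exhaustive, not taken from the article).
KNOWN_PLACEHOLDERS = {
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET", "thisISaSECRET_1234",
    "YOUR_OWN_RANDOM_GENERATED_SECRET_KEY", "TEST_NON_DEV_SECRET",
}
MIN_KEY_LEN = 32  # assumed minimum length for a randomly generated key
# Constructed sample config, not taken from a real deployment.
SAMPLE_CONFIG = 'ROW_LIMIT = 5000\nSECRET_KEY = "thisISaSECRET_1234"\n'


def parse_version(text):
    """Turn '2.0.1' or '2.1.0rc1' into a comparable 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def extract_secret_key(config_source):
    """Return the literal SECRET_KEY set at top level of the config, else None."""
    key = None
    for node in ast.parse(config_source).body:
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "SECRET_KEY" for t in node.targets
        ):
            try:
                value = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                value = None  # computed at runtime, e.g. read from the environment
            key = value if isinstance(value, (str, bytes)) else None
    return key


def audit(version, config_source):
    """List findings for one instance; an empty list means nothing was flagged."""
    findings = []
    if parse_version(version) <= (2, 0, 1):
        findings.append("version in affected range (2.0.1 and earlier)")
    key = extract_secret_key(config_source)
    if key is None:
        findings.append("no literal SECRET_KEY in file; confirm it is set elsewhere")
    elif key in KNOWN_PLACEHOLDERS:
        findings.append("SECRET_KEY is a published placeholder value")
    elif len(key) < MIN_KEY_LEN:
        findings.append("SECRET_KEY shorter than %d characters" % MIN_KEY_LEN)
    return findings
```

Calling audit("2.0.1", SAMPLE_CONFIG) returns both findings; a key that is read from the environment is reported as "no literal SECRET_KEY" and has to be checked where it is actually set.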