The Hacker News - Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access
from The Hacker News https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html
from The Hacker News https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html
Comments
Post a Comment