Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

The Apache Superset install on the remote host is configured to use a known default SECRET_KEY. This can allow a remote, unauthenticated attacker to forge session cookies as arbitrary users, bypassing authentication and leading to remote code execution.

Apache Superset versions prior to 2.1.0 uses a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate himself as administrator.

The version of Apache Superset installed on the remote host is affected a potential unsecure session key vulnerability. Installations that have not altered the default configured SECRET_KEY according to the installation instructions, or that use a predictable key phrase, would allow for an unauthenticated attacker to access the user dashboard with full administrator rights, allowing the attacker to compromise the system. 

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
197191	Apache Superset Known Default SECRET_KEY (CVE-2023-27524)	Nessus	Misc.	critical
114250	Apache Superset < 2.1.0 Hardcoded Secret Key	Web App Scanning	Component Vulnerability	critical
186510	Apache Superset < 2.1.0 Secure Session Key	Nessus	Misc.	critical

Detections

Analytics

CVE-2023-27524

critical

Tenable Plugins

critical

critical

critical