How severe is CVE-2023-27524?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-27524?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2023-27524

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-1188

View all →

Vulnerability Description

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.

CVE-2014-0234

CRITICAL

CVSS:9.8(Critical)

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing th...

CWE-11882014

CVE-2017-12739

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected d...

CWE-11882017

CVE-2017-5178

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is instal...

CWE-11882017

CVE-2017-8021

CRITICAL

CVSS:9.8(Critical)

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

CWE-11882017

CVE-2017-8218

CRITICAL

CVSS:9.8(Critical)

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, ...

CWE-11882017

CVE-2018-10968

CRITICAL

CVSS:9.8(Critical)

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability.

CWE-11882018

CVE-2023-27524

Vulnerability Description

Related Vulnerabilities

CVE-2014-0234

CVE-2017-12739

CVE-2017-5178

CVE-2017-8021

CVE-2017-8218

CVE-2018-10968