{"vulnerability": "CVE-2023-27524", "sightings": [{"uuid": "d54c8cc8-004c-44cd-9079-78ad01c3a339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-01-08T18:10:03.000000Z"}, {"uuid": "afd04159-1056-467e-a1e9-4e2b376f9b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "612fa471-ba4c-42dd-92a4-17e268f0bd37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:51.000000Z"}, {"uuid": "e7ed740d-6d5b-4666-ad70-77d97777b165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:52.000000Z"}, {"uuid": "5db711b1-c20a-47fa-9f5e-9bf195d3344e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://gist.github.com/TatiShayo/ac718ff676ec5a22e5264aaa05f02163", "content": "", "creation_timestamp": "2025-09-27T08:10:18.000000Z"}, {"uuid": "0e4d0edc-1638-4ea4-818d-58436fe8ab50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb", "content": "", "creation_timestamp": "2023-09-12T23:27:42.000000Z"}, {"uuid": "1ed10600-849b-4652-8b63-1e0a79f89fc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:12.000000Z"}, {"uuid": "3e2a3e9b-7e4b-45f3-80a3-7de19cd80945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "35ead6f1-f8ed-43de-af19-2aa3d0dd1314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-27524", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/2bd8ea34-74bd-4e3c-a88c-4a0cb6f0b6a5", "content": "", "creation_timestamp": "2026-02-02T12:26:43.633661Z"}, {"uuid": "2ab9168d-d080-4291-91a7-9eb8d3c5e3b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb", "content": "", "creation_timestamp": "2023-10-12T21:34:40.000000Z"}, {"uuid": "68790f75-7fc0-43c9-ac9c-cd0ad81dd8f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4241", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aBasic PoC for CVE-2023-27524: Insecure Default Configuration in Apache Superset\nURL\uff1ahttps://github.com/horizon3ai/CVE-2023-27524\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-25T12:12:43.000000Z"}, {"uuid": "96643b5f-fc27-4819-ae39-8fccd80f0b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4260", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aApache Superset Auth Bypass Vulnerability CVE-2023-27524.\nURL\uff1ahttps://github.com/antx-code/CVE-2023-27524\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-27T07:39:53.000000Z"}, {"uuid": "bba8cb1d-532c-4542-8407-f75bd730f943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4258", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aApahce-Superset\u8eab\u4efd\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2023-27524)\u68c0\u6d4b\u5de5\u5177\nURL\uff1ahttps://github.com/Okaytc/Superset_auth_bypass_check\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-04-27T06:25:31.000000Z"}, {"uuid": "2816ef8f-889d-4f2c-a32d-e17c720c9670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4288", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA POC for the all new CVE-2023-27524 which allows for authentication bypass and gaining access to the admin dashboard.\nURL\uff1ahttps://github.com/MaanVader/CVE-2023-27524-POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-07T08:05:24.000000Z"}, {"uuid": "d4c94918-9976-47e0-a126-bf6be0b78a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5342", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aApache Superset \u9ed8\u8ba4SECRET_KEY \u6f0f\u6d1e(CVE-2023-27524)\nURL\uff1ahttps://github.com/CN016/Apache-Superset-SECRET_KEY-CVE-2023-27524-\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-10T08:39:36.000000Z"}, {"uuid": "1bd7257a-0586-4cd7-8b9b-1a1b9fc3f58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/10", "content": "\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 Horizon3 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0434\u043b\u044f RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2023-27524 \u0432 Apache Superset, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0441\u0442\u0438 8.9 \u043f\u043e CVSS3.0. Apache Superset - \u044d\u0442\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 \u0434\u043b\u044f \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0438 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043d\u0430\u044f Airbnb \u0432 2017 \u0433\u043e\u0434\u0443. \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0441\u0443\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u043e\u0433\u043e \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \\x02\\x01thisismyscretkey\\x01\\x02\\\\e\\\\y\\\\y\\\\h \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 SECRET_KEY \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043f\u043e\u0434\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f session cookie, \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Superset \u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u0431\u0443\u043a\u0432\u0430\u043c\u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u043c\u0435\u043d\u0438\u0442\u044c \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'. \u0410\u0432\u0442\u043e\u0440\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u0443\u044e \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b 1288 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 (\u0431\u043e\u043b\u0435\u0435 70% \u043e\u0442 \u043e\u0431\u0449\u0435\u0433\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430) \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u043d\u0435 \u043e\u0441\u0438\u043b\u0438\u043b\u0438 RTFM \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0434\u0435\u0444\u043e\u043b\u0442\u043d\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430. \u041f\u0440\u0438\u043d\u0438\u043c\u0430\u044f \u0432\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0442\u0430\u043b\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0447\u0435\u043d\u044c \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u0430 \u0438 \u0441\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u043a \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u044d\u0442\u0438\u043c \u043a\u043b\u044e\u0447\u043e\u043c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f session cooki\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b , \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e flask-unsign  \u0414\u0430\u043b\u0435\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445 SQL \u0431\u0430\u0437\u0430\u043c\u0438 \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b, \u0430 \u0442\u0430\u043a \u0436\u0435 \u0435\u0441\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f RCE \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0411\u0414 \u0438 \u0441\u0430\u043c\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. \n\u041f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441 Netlas: http.favicon.hash_sha256:e186603e51173d86bfc680eee24345d67c7a1d945a8e76dc4b218bbfabed666e\n\u0421\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: https://github.com/horizon3ai/CVE-2023-27524\n\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: \u041f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n#CVE-2023-27524 #RCE #Apache_Superset", "creation_timestamp": "2023-04-25T19:02:57.000000Z"}, {"uuid": "7d9b0a99-5cf0-4e54-a7cb-2c941aee8c14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5604", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-27524\nURL\uff1ahttps://github.com/NguyenCongHaiNam/Research-CVE-2023-27524\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-30T00:31:14.000000Z"}, {"uuid": "6fec8384-b88d-4dcc-9876-9f74994fd7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/ctinow/108022", "content": "CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution\n\nhttps://ift.tt/dwGjxKc", "creation_timestamp": "2023-04-25T18:32:01.000000Z"}, {"uuid": "66dd99f8-b94f-4e85-8a5c-be75ddc2fbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/ctinow/109130", "content": "Apache Superset RCE Vulnerability CVE-2023-27524 Highlights Ongoing Issues with Flask AppBuilder, Joining List of Previously Discovered CVEs\n\nhttps://ift.tt/UWbn0pX", "creation_timestamp": "2023-05-01T19:56:20.000000Z"}, {"uuid": "9bdcc02e-0117-4fb4-89a5-982f2d4be1f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "Telegram/JHth4ZHtrek0mtXpyx13xhAaf76J47pdr3e7jIQSEbuQ4I4", "content": "", "creation_timestamp": "2024-04-02T00:59:20.000000Z"}, {"uuid": "7c55b1b0-3f4d-4576-907e-7bf25c5ab60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "exploited", "source": "Telegram/JnNnilEYMUSh-Zu51neb6kHqGke6sMvBJm_GJssev0Bvng", "content": "", "creation_timestamp": "2024-03-01T07:47:44.000000Z"}, {"uuid": "9b335852-b1cf-4045-86be-3147d21b6e10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/KomunitiSiber/110", "content": "Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks\nhttps://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html\n\nThe maintainers of the\u00a0Apache Superset\u00a0open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution.\nThe vulnerability, tracked as\u00a0CVE-2023-27524\u00a0(CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access", "creation_timestamp": "2023-04-26T13:36:44.000000Z"}, {"uuid": "18fc4ace-3129-43e6-9b02-058d789576a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "Telegram/MBMGshtgbvgJwtNFQOGjMRSdF8xMj0S4jsbIBgQGTrj3-Q", "content": "", "creation_timestamp": "2023-04-26T12:38:50.000000Z"}, {"uuid": "3e70b99c-15ec-4d49-abbf-4da4fe13473c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/LockBitRaasRansomware/10663", "content": "CVE-2023-27524: Basic #PoC for CVE-2023-27524:\n\nInsecure Default Configuration in Apache Superset\n\nhttps://github.com/horizon3ai/CVE-2023-27524\n\nPrivate: @RAVE_CGF", "creation_timestamp": "2024-04-02T00:59:21.000000Z"}, {"uuid": "9ff0214f-308f-472a-b6f6-26fd3f35611f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "exploited", "source": "Telegram/bxIbtebNpYZn73aIlUIITrmh9OTqREcr__tt_K9TdQwmBA", "content": "", "creation_timestamp": "2024-01-10T06:33:04.000000Z"}, {"uuid": "d92c6c18-7de2-45e0-8890-7a6b839e52b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/arvinclub1/78", "content": "https://github.com/horizon3ai/CVE-2023-27524", "creation_timestamp": "2023-04-25T18:25:31.000000Z"}, {"uuid": "5573e7eb-9d20-4468-9902-d731bde2f08c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/arpsyndicate/1910", "content": "#ExploitObserverAlert\n\nCVE-2023-27524\n\nDESCRIPTION: Exploit Observer has 40 entries related to CVE-2023-27524. Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nFIRST-EPSS: 0.906990000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-18T04:23:04.000000Z"}, {"uuid": "910c6468-dff5-466f-ae13-e841d3fcb2ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "exploited", "source": "https://t.me/KomunitiSiber/1316", "content": "CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack\nhttps://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has\u00a0added\u00a0six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nThis includes\u00a0CVE-2023-27524\u00a0(CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.", "creation_timestamp": "2024-01-10T06:31:52.000000Z"}, {"uuid": "b8a881bd-ce24-4784-9271-06b0634b0d94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/BABATATASASA/5510", "content": "JsonWebToken (CVE-2022-23529).\nChatGPT (CVE-2023-28858).\nApache Superset (CVE-2023-27524).\nPaperCut NG/MF (CVE-2023-27350).\nFortinet FortiOS (CVE-2022-41328).\nAdobe ColdFusion (CVE-2023-26360).\nMOVEit vulnerability (CVE-2023-34362).", "creation_timestamp": "2023-09-25T15:05:09.000000Z"}, {"uuid": "66c3c763-4f18-4d8e-87c9-eb51def08cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2994", "content": "Tools - Hackers Factory \n\nbadsecrets\n\nA library for detecting known secrets across many web frameworks.\n\nhttps://github.com/blacklanternsecurity/badsecrets\n\nDetails:\nhttps://blog.blacklanternsecurity.com/p/introducing-badsecrets\n\n#cybersecurity #infosec #pentesting\n\nHyperDeceit\n\nThis repository contains the full source-code of the HyperDeceit project which is a library that allows you to impersonate as Hyper-V and intercept hypercalls done by the Windows kernel.\n\nhttps://github.com/Xyrem/HyperDeceit\n\nDetails: \nhttps://reversing.info/posts/hyperdeceit/\n\n#infosec #pentesting #redteam\n\nCVE-2023-27524\n\nApache Superset Auth Bypass (CVE-2023-27524)\n\nhttps://github.com/TardC/CVE-2023-27524\n\n#cve #cybersecurity #infosec\n\nPEASS\n\nPrivilege Escalation Awesome Scripts SUITE new generation.\n\nhttps://github.com/carlospolop/PEASS-ng/\n\n#infosec #pentesting #redteam\n\nMagSpoof\n\nA portable device that can spoof/emulate any magnetic stripe, credit card or hotel card \"wirelessly\", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.\n\nhttps://github.com/samyk/magspoof\n\n#infosec #pentesting #redteam\n\neffective-waffle \n\nyet another sleep encryption thing. also used the default github repo name for this one.\n\nhttps://github.com/susMdT/effective-waffle\n\n#cybersecurity #infosec\n\nDUCKSPLOIT\n\nWindows Hacking FrameWork using Reverse Shell.\n\nhttps://github.com/canarddu38/DUCKSPLOIT\n\n#infosec #pentesting #redteam\n\nBackdoorBox\n\nThe open-sourced Python toolbox for backdoor attacks and defenses.\n\nhttps://github.com/THUYimingLi/BackdoorBox\n\n#cybersecurity #infosec #pentesting\n\nWinDbg_Scripts\n\nUseful scripts for WinDbg using the debugger data model.\n\nhttps://github.com/yardenshafir/WinDbg_Scripts\n\n#cybersecurity #infosec\n\nCompMgmtLauncher_DLL_UACBypass\n\nCompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive.\n\nhttps://github.com/hackerhouse-opensource/CompMgmtLauncher_DLL_UACBypass\n\n#infosec #pentesting #redteam\n\nEliteElixir\n\nThe first ever MC:BE ForceOP Exploit utilizing a user impersonation exploit within Bedrock Dedicated Server.\n\nhttps://github.com/MrDiamond64/EliteElixir\n\n#infosec #pentesting #redteam\n\nprenum\n\nThe perils of the Pre-Windows 2000 compatible access group in a Windows Domain.\n\nhttps://github.com/4ndr34z/prenum\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-16T06:03:12.000000Z"}, {"uuid": "8011bb21-0ed8-4eaa-a1d1-a6e3ef29eaa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2897", "content": "Tools - Hackers Factory\n\n\u200b\u200bLTESniffer\n\nAn Open-source LTE Downlink/Uplink Eavesdropper.\n\nThe main purpose of LTESniffer is to support security and analysis research on the cellular network. Due to the collection of uplink-downlink user data, any use of LTESniffer must follow the local regulations on sniffing the LTE traffic.\n\nhttps://github.com/SysSec-KAIST/LTESniffer\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-1671-POC\n\nBased on dnslog platform.\n\nhttps://github.com/W01fh4cker/CVE-2023-1671-POC\n\n#infosec #cve #poc\n\n\u200b\u200bChattyCaty\n\nOpen-source project which demonstrates an infrastructure to create a polymorphic program using GPT models.\n\nhttps://github.com/cyberark/ChattyCaty\n\n#cybersecurity #infosec\n\n\u200b\u200bprocess-cloning\n\nThe Definitive Guide To Process Cloning on Windows.\n\nhttps://github.com/huntandhackett/process-cloning\n\n#cybersecurity #infosec #pentesting\n\nPentestGPT\n\nA GPT-empowered penetration testing tool.\n\nhttps://github.com/GreyDGL/PentestGPT\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinkedinEmails\n\nSearches for employees of a company on #linkedin and generates a list of possible emails.\n\nhttps://github.com/miltinhoc/LinkedinEmails\n\n\u200b\u200bSECMON\n\nWeb-based tool for the automation of infosec watching and vulnerability management with a web interface.\n\nhttps://github.com/Guezone/SECMON\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27524 \n\nApache Superset Auth Bypass.\n\nScript to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.\n\nhttps://github.com/horizon3ai/CVE-2023-27524\n\n#infosec #cve #poc\n\n\u200b\u200bZaproxy\n\nThe OWASP Zed Attack Proxy (ZAP) is one of the world\u2019s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.\n\nhttps://github.com/zaproxy/zaproxy\n\nWebsite:\nhttps://www.zaproxy.org/\n\n#infosec #pentesting #best\n\n\u200b\u200bStackrox\n\nThe StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.\n\nhttps://github.com/stackrox/stackrox\n\n#cybersecurity #infosec\n\n\u200b\u200bNuclear Pond\n\nNuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.\n\nhttps://github.com/DevSecOpsDocs/nuclearpond\n\n#cybersecurity #infosec \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-26T09:26:57.000000Z"}, {"uuid": "6787e326-e64a-452d-84fc-93cdd44e154b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/proxy_bar/1464", "content": "CVE-2023-27524\nApache Superset Auth Bypass\nPOC exploit\n\n\u0434\u0435\u043d\u044c \u0431\u043e\u0433\u0430 \u044f \u0441\u043c\u043e\u0442\u0440\u044e\n\n#apache #poc", "creation_timestamp": "2023-04-25T15:10:13.000000Z"}, {"uuid": "8e086f48-e21a-4cb3-b368-bf74ce77ff41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "Telegram/ygWFXxoEmvPiqcK9c8iovXPMcOts8txggjLOoQbyXEsCCw", "content": "", "creation_timestamp": "2023-04-25T13:59:31.000000Z"}, {"uuid": "5216b2db-2fd1-41b4-9109-f61888142bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "Telegram/7gLqEpAl8qlx5dg18S-_F0HUSrgy0ajX8Q4ExVP4VrKDRmc", "content": "", "creation_timestamp": "2023-05-22T18:50:24.000000Z"}, {"uuid": "d8a391fe-a700-4370-8dea-ac8d736a95c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "Telegram/E9ec-bTUdb_3jzT5RLGDZkp0LBWJld6BDhGcelaAX6nCWag", "content": "", "creation_timestamp": "2023-07-09T07:45:12.000000Z"}, {"uuid": "d6e0574e-fbc5-4621-aedc-c717548f092b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/780", "content": "CVE-2023-27524 : Apache Superset Insecure Default Configuration To Remote Code Execution\nBlog : https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/", "creation_timestamp": "2023-08-01T22:29:01.000000Z"}, {"uuid": "a7fcd5e0-59e5-4ca9-b966-b208ab9e934b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/jokerplstaeen/17309", "content": "\u200b\u200bCVE-2023-27524 \n\nApache Superset Auth Bypass.\n\nScript to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.\n\nhttps://github.com/horizon3ai/CVE-2023-27524\n\n#infosec #cve #poc", "creation_timestamp": "2023-05-23T17:56:35.000000Z"}, {"uuid": "6cbb5952-a196-49af-a3ce-7af7206d1fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3315", "content": "CVE-2023-27524: Apache Superset Auth Bypass\n\n\n\ud83d\udca5 Script to check if an Apache Superset server is running with an insecure default configuration (CVE-2023-27524). The script checks if a Superset server's session cookies are signed with any well-known default Flask SECRET_KEYs.\n\nThe --validate flag can be used to validate exploitability by enumerating databases using the Superset API.\n\nrequirements:\n\nflask-unsign==1.2.0\nrequests==2.26.0\nUsage:\n\nCVE-2023-27524.py [-h] --url URL [--id ID] [--validate] [--timeout TIMEOUT]\n\nDownload: https://system32.ink/news-feed/p/308/", "creation_timestamp": "2023-04-25T13:58:22.000000Z"}, {"uuid": "b14576a5-5204-4e1c-a618-f4a3e6ea6e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7267", "content": "CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution\n\nhttps://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/", "creation_timestamp": "2023-04-25T15:50:13.000000Z"}, {"uuid": "45c7df2e-6add-4a2a-9c76-942254523230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/cibsecurity/62729", "content": "\u203c CVE-2023-27524 \u203c\n\nSession Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T20:19:30.000000Z"}, {"uuid": "8838a99a-9ead-4c29-8f00-a24be0d57e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "exploited", "source": "https://t.me/information_security_channel/51294", "content": "CISA Warns of Apache Superset Vulnerability Exploitation\nhttps://www.securityweek.com/cisa-warns-of-apache-superset-vulnerability-exploitation/\n\nCISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.\nThe post CISA Warns of Apache Superset Vulnerability Exploitation (https://www.securityweek.com/cisa-warns-of-apache-superset-vulnerability-exploitation/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-01-09T19:54:07.000000Z"}, {"uuid": "3e463285-efe6-4b0a-806d-3a568eb63b44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/thehackernews/4375", "content": "\ud83d\udea8 CISA warns of 6 actively exploited security flaws \n \n\u2570\u2508\u27a4 CVE-2023-27524 in Apache Superset. \n\u2570\u2508\u27a4 CVE-2023-38203 & CVE-2023-29300 in Adobe ColdFusion. \n\u2570\u2508\u27a4 CVE-2023-41990 in Apple products. \n\u2570\u2508\u27a4 CVE-2016-20017 in D-Link devices. \n\u2570\u2508\u27a4 CVE-2023-23752 in Joomla! \n \nRead: https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html", "creation_timestamp": "2024-01-10T06:02:02.000000Z"}, {"uuid": "68064a09-1f0a-4fea-9750-d51ba38b2a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "seen", "source": "https://t.me/thehackernews/3284", "content": "\ud83d\udea8 A dangerous default configuration in Apache Superset has been discovered, which could allow attackers to gain RCE, harvest credentials, and compromise data.\n\nFor more details, read about CVE-2023-27524 at https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html\n\nTo fix this issue, upgrade to version 2.1.", "creation_timestamp": "2023-04-26T11:40:57.000000Z"}, {"uuid": "b93a32ea-1aa4-4832-9f49-aacc3fa7148b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8185", "content": "#exploit\n1. CVE-2023-27350:\nPOC for CVE-2023-27350 affecting PaperCut MF/NG\nhttps://github.com/horizon3ai/CVE-2023-27350\n]-> https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise\n\n2. CVE-2023-27524:\nInsecure Default Configuration in Apache Superset\nhttps://github.com/horizon3ai/CVE-2023-27524", "creation_timestamp": "2023-04-26T02:22:48.000000Z"}, {"uuid": "b2c71edd-f858-4841-9368-7bd565847967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8984", "content": "#exploit\n1. CVE-2023-4634:\nRCE Exploit for Wordpress Media-Library Plugin < 3.10\nhttps://github.com/Patrowl/CVE-2023-4634\n\n2. CVE-2023-27524, CVE-2023-39265, CVE-2023-37941:\nApache Superset\u00a0- RCE, Credential Harvesting & More\nhttps://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more", "creation_timestamp": "2023-09-07T11:01:26.000000Z"}, {"uuid": "ab91cd50-17bc-423d-84d7-53ed22091d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5884", "content": "CVE-2023-27524 - Apache Superset Auth Bypass and RCE\n\nGithub\n\n#CVE #Exploit #POC\n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-12-31T14:55:04.000000Z"}, {"uuid": "9a14a562-1400-4208-8e64-cc3e05954aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27524", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4975", "content": "CVE-2023-27524 ( Apache Superset Auth Bypass )\n\nExploit\n\n#CVE #Exploit #POC\n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-05-20T00:26:21.000000Z"}]}