Free

CVE Series: Authentication Bypass in Apache Superset (CVE-2023-27524)

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

Time: 1 35 M
Difficulty: Intermediate
CEU/CPE: 1

Course Content

  • Explanation of the exploit script (5m): CVE-2023-27524-exploitation
  • Introduction to Apache Superset, FREE (5m): Introduction to Apache Superset
  • How To Remediate CVE-2023-27524 (30m): CVE-2023-27524 Remediation
  • Exploiting CVE-2023-27524 (45m): CVE-2023-27524-exploitation

Course Description

CVE-2023-27524 is a critical vulnerability in Apache Superset, an open-source data visualization and business intelligence tool, affecting versions up to 2.0.1. It arises from an insecure default configuration in session validation, specifically involving the SECRET_KEY used in the Python Flask web framework for signing session cookies. This vulnerability enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain administrative access, leading to potential remote code execution and unauthorized data access. In this course you’ll be putting on your Red Team hat to exploit this vulnerability and gain access to the victim’s server!

Target Audience

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Course Level

Intermediate

Prerequisites

Basic knowledge of Python as a programming language as well as functional knowledge of web applications and the Linux command line.

Helpful Links

  • Exploit Code: https://github.com/jakabakos/CVE-2023-27524-Apache-Superset-Auth-Bypass-and-RCE
  • CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27524 (Official CVE)
  • NIST Entry: https://nvd.nist.gov/vuln/detail/CVE-2023-27524
  • Metasploit Module: https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
  • Vendor Advisory: https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
  • HORIZON3.ai Blog: https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ and https://www.horizon3.ai/apache-superset-part-ii-rce-credential-harvesting-and-more/
  • VSOCIETY Blog: https://www.vicarius.io/vsociety/posts/cve-2023-27524-authentication-bypass-in-apache-superset

    Instructed by

    Senior Instructor
    Clint Kehr

    Clint is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community.

    Provider: Cybrary
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CVE Series: Authentication Bypass in Apache Superset (CVE-2023-27524) Certificate of Completion