Security News > 2023 > April > Thousands of Apache Superset servers exposed to RCE attacks
Apache Superset is vulnerable to authentication bypass and remote code execution at default configurations, allowing attackers to potentially access and modify data, harvest credentials, and execute commands.
Apache Superset is an open-source data visualization and exploration tool initially developed for Airbnb before it became a top-level project at the Apache Software Foundation in 2021.
According to a new report by Horizon3, Apache Superset used a default Flask Secret Key to sign authentication session cookies.
As a result, attackers can use this default key to forge session cookies that allow them to log in with administrator privileges to servers that did not change the key.
While the Apache documentation does tell admins to change the secret keys, Horizon3 says that this dangerous default configuration is currently detectable in about 2,000 internet-exposed servers belonging to universities, corporations of varying sizes, government organizations, and more.
The security company has shared a script on GitHub that Apache Superset admins can use to determine if their instance is vulnerable to attacks.
News URL
Related news
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil (source)