Security News > 2023 > April > Thousands of Apache Superset servers exposed to RCE attacks
Apache Superset is vulnerable to authentication bypass and remote code execution at default configurations, allowing attackers to potentially access and modify data, harvest credentials, and execute commands.
Apache Superset is an open-source data visualization and exploration tool initially developed for Airbnb before it became a top-level project at the Apache Software Foundation in 2021.
According to a new report by Horizon3, Apache Superset used a default Flask Secret Key to sign authentication session cookies.
As a result, attackers can use this default key to forge session cookies that allow them to log in with administrator privileges to servers that did not change the key.
While the Apache documentation does tell admins to change the secret keys, Horizon3 says that this dangerous default configuration is currently detectable in about 2,000 internet-exposed servers belonging to universities, corporations of varying sizes, government organizations, and more.
The security company has shared a script on GitHub that Apache Superset admins can use to determine if their instance is vulnerable to attacks.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)