Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks

Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems.
Besides these two weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue that allows low-privilege users to carry out server-side request forgery (SSRF) attacks.
"If Superset can be tricked into connecting to its own metadata database, an attacker can directly read or write application configuration through SQLLab. This leads to harvesting credentials and remote code execution."
"An attacker with write access to the metadata database can insert an arbitrary pickle payload into the store, and then trigger deserialization of it, leading to remote code execution."
Ai said 2,076 out of 3,842 Superset servers are still using a default SECRET_KEY, with about 72 instances using a trivially guessable SECRET_KEY such as superset, SUPERSET_SECRET_KEY, 1234567890, admin, changeme, thisisasecretkey, and your_secret_key_here.
"At the root of many of the vulnerabilities is the fact that the Superset web interface permits users to connect to the metadata database."
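A defensive configuration audit for the two conditions the article describes: a default or guessable SECRET_KEY, and a user-added database connection that points back at Superset's own metadata database. This is an added example, not code from the article or from the Superset project; the connection names and URIs are constructed, and the weak-key list is taken from the values quoted above.

```python
"""Audit a Superset deployment's config for the weaknesses described above."""
from urllib.parse import urlparse

# Weak SECRET_KEY values named in the article (extend with your own findings).
WEAK_SECRET_KEYS = {
    "superset", "SUPERSET_SECRET_KEY", "1234567890", "admin",
    "changeme", "thisisasecretkey", "your_secret_key_here",
}

# Default ports so that "postgresql://db/superset" and "...@db:5432/superset" compare equal.
DEFAULT_PORTS = {"postgresql": 5432, "mysql": 3306, "mssql": 1433}


def secret_key_findings(secret_key: str, min_len: int = 32) -> list[str]:
    """Return human-readable findings for a SECRET_KEY value (empty list = OK)."""
    issues = []
    if secret_key.strip().lower() in {k.lower() for k in WEAK_SECRET_KEYS}:
        issues.append("SECRET_KEY is a known default/guessable value")
    if len(secret_key) < min_len:
        issues.append(f"SECRET_KEY shorter than {min_len} characters")
    return issues


def _db_identity(uri: str) -> tuple:
    """Normalise a SQLAlchemy URI to (dialect, host, port, database) for comparison."""
    p = urlparse(uri)
    dialect = p.scheme.split("+")[0]          # "postgresql+psycopg2" -> "postgresql"
    host = (p.hostname or "localhost").lower()
    port = p.port or DEFAULT_PORTS.get(dialect)
    database = (p.path or "").lstrip("/")     # sqlite keeps its file path here
    return (dialect, host, port, database)


def connections_to_metadata_db(metadata_uri: str, connections: dict[str, str]) -> list[str]:
    """Names of user-visible Superset database connections that target the metadata DB.

    metadata_uri is SQLALCHEMY_DATABASE_URI from superset_config.py; connections maps
    each database name registered in the UI to its sqlalchemy_uri.
    """
    meta = _db_identity(metadata_uri)
    return [name for name, uri in connections.items() if _db_identity(uri) == meta]


if __name__ == "__main__":
    # Constructed sample input: one legitimate connection and one pointing at the metadata DB.
    sample_connections = {
        "examples": "postgresql://reader:pw@db/examples",
        "meta": "postgresql://reader:pw@DB/superset",
    }
    print(secret_key_findings("changeme"))
    print(connections_to_metadata_db("postgresql+psycopg2://superset:pw@db:5432/superset",
                                     sample_connections))
```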
News URL
https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html