Back to directory
WRITEUP #1250

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution

RCEDefault Flask Secret KeyHardcoded credentials
byNaveen Sunkavally
Program
Apache Superset
Published
Apr 25, 2023
Added to HackDex
Apr 27, 2023
Read Full Writeuphttps://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/
RELATED WRITEUPS
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
RCEDependency confusion
Attacking PowerShell CLIXML Deserialization
DeserializationInsecure deserialization
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
RCEArbitrary file write
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
RCETLD hacking

Built with ❤️ by Shubham Rawat