Apache has released patches to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems.
The update fixes CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database.
According to the company, at the root of many of the vulnerabilities […] is the fact that the Superset web interface permits users to connect to the metadata database.
This allows attackers to read or write application configuration through SQLLab.
In addition, the vulnerability lets an attacker gain remote access to a system’s registry without having to visit the main website.