The Apache Superset installations can be exploited by hackers to gain administrator access and execute code.
Apache superset is an open source application that allows users to explore and visualize large amounts of data. A secret key for authentication is needed to be signed into superset. If an attacker knows a Superset session key, they could long in as an administrator, access databases, and add, modify, or delete databases.
In February 2023, Horizon3.ai found that over 3,000 Superset instances were accessible from the internet, with more than 2,000 of them using a default secret key.
Read more at: https://www.securityweek.com/organizations-warned-of-security-risk-in-default-apache-superset-configurations/
