67% of public Apache Superset servers use the access key from the example configuration

Researchers at Horizon3 have found security problems in most installations of the Apache Superset data analysis and visualization platform. On 2124 of the 3176 public Apache Superset servers studied, they detected use of the default encryption key given in the sample configuration file. The Flask Python library uses this key to generate session cookies, so an attacker who knows the key can forge sessions, connect to the Apache Superset web interface and load data from the connected databases, or arrange code execution with the privileges of Apache Superset.

Notably, the researchers first reported the problem to the developers back in 2021. After that, in the Apache Superset 1.4.1 release, produced in January 2022, the value of the SECRET_KEY parameter was replaced with the string "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET", and a check was added to the code that writes a warning to the log if this value is in use.

In February of this year, the researchers decided to re-scan vulnerable systems and found that few people had paid attention to the warning: 67% of Apache Superset servers still use keys from the configuration examples, deployment templates or documentation. Some large companies, universities and government agencies were among the organizations using the default keys.


Shipping a working key in the sample configuration is now treated as a vulnerability (CVE-2023-27524). It was fixed in the Apache Superset 2.1 release by raising an error that blocks the platform from starting when the key given in the example is used. Only the key from the configuration example of the current version is taken into account; keys from older versions and keys from templates and documentation are not blocked. A special script has been prepared to check for the vulnerability over the network.
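Because the 2.1 startup check covers only the current example key, an operator may want a stricter check on their own deployment. The following is an added illustration, not code from Superset or Horizon3; the function names, the length and entropy thresholds, and the operator-maintained `known_public_keys` list are assumptions.

```python
import math
import secrets
from collections import Counter

# Placeholder the page says ships in the example config since Superset 1.4.1.
EXAMPLE_PLACEHOLDER = "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET"
MIN_LENGTH = 32           # assumption: local policy, not a Superset requirement
MIN_BITS_PER_CHAR = 3.5   # assumption: crude heuristic threshold


def shannon_bits_per_char(value: str) -> float:
    """Empirical Shannon entropy of the string, in bits per character."""
    total = len(value)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(value).values())


def audit_secret_key(value, known_public_keys=()):
    """Return the reasons the key is unacceptable (empty list means pass)."""
    if not value:
        return ["SECRET_KEY is not set"]
    findings = []
    if value == EXAMPLE_PLACEHOLDER:
        findings.append("matches the example-config placeholder")
    # Keys copied from old releases, templates or docs, which the built-in
    # check does not block; the operator supplies this list.
    if value in set(known_public_keys):
        findings.append("matches a key on the operator's published-key list")
    if len(value) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if shannon_bits_per_char(value) < MIN_BITS_PER_CHAR:
        findings.append("low character entropy; looks hand-typed")
    return findings


def generate_secret_key() -> str:
    """Fresh key from the OS CSPRNG (42 random bytes, URL-safe base64)."""
    return secrets.token_urlsafe(42)


def enforce(value, known_public_keys=()):
    """Refuse to start when the key fails the audit."""
    findings = audit_secret_key(value, known_public_keys)
    if findings:
        raise SystemExit("refusing to start: " + "; ".join(findings))
```

Replacing the key invalidates every session cookie signed with the old one, so users have to log in again after rotation.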



Source: opennet.ru
