Researchers from Horizon3 have drawn attention to security problems in many installations of Apache Superset, the data analysis and visualization platform. Of 3176 publicly reachable servers running Apache Superset, 2124 were found to be using the default encryption key given in the example configuration file. This key is used by the Flask Python library to sign session cookies, so an attacker who knows it can generate forged session parameters, connect to the Apache Superset web interface and read data from connected databases, or arrange code execution with Apache Superset's privileges.
Interestingly, the researchers first notified the developers of the problem back in 2021. After that, in the Apache Superset 1.4.1 release built in January 2022, the value of the SECRET_KEY parameter was replaced with the string "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET" and a check was added to the code that writes a warning to the log if this value is in use.
In February of this year the researchers decided to rescan the vulnerable systems and found that few had paid attention to the warning: 67% of Apache Superset servers continued to use keys taken from configuration examples, deployment templates or documentation. Among the organizations using default keys were several large companies, universities and government agencies.
Specifying a working key in the example configuration is now treated as a vulnerability (CVE-2023-27524), fixed in the Apache Superset 2.1 release by adding a check that refuses to start the platform if the key given in the example is used (only the key quoted in the current version's example configuration is considered; old default keys and keys from templates and documentation are not blocked). A dedicated script has been published for checking for the vulnerability on a network.
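A startup guard of the kind the 2.1 fix introduced, written here as an added example (not Superset's or Flask's own code): it refuses the example-configuration placeholder quoted above, also rejects short or low-entropy keys, and shows how to generate a replacement. The placeholder list, the length and entropy thresholds, and the function names are assumptions.

```python
import math
import secrets
from collections import Counter
from typing import List

# Constructed list of placeholder keys to refuse. The first entry is the
# value from the Superset 1.4.1 example config quoted in the article;
# add the values from your own templates and documentation here.
KNOWN_PLACEHOLDER_KEYS = {
    "CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET",
}

MIN_KEY_LENGTH = 32      # assumed minimum; Flask itself imposes none
MIN_ENTROPY_BITS = 3.5   # assumed per-character Shannon entropy floor


def shannon_entropy(s: str) -> float:
    """Per-character Shannon entropy in bits (0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def validate_secret_key(key: str) -> List[str]:
    """Return a list of problems with the key; an empty list means it is acceptable."""
    if not key:
        return ["SECRET_KEY is empty"]
    problems = []
    if key in KNOWN_PLACEHOLDER_KEYS:
        problems.append("SECRET_KEY is a known placeholder value")
    if len(key) < MIN_KEY_LENGTH:
        problems.append(f"SECRET_KEY is shorter than {MIN_KEY_LENGTH} characters")
    if shannon_entropy(key) < MIN_ENTROPY_BITS:
        problems.append("SECRET_KEY has low entropy")
    return problems


def enforce_secret_key(key: str) -> None:
    """Refuse to start (raise) rather than only log, as the 2.1 fix does."""
    problems = validate_secret_key(key)
    if problems:
        raise RuntimeError("Refusing to start: " + "; ".join(problems))


def generate_secret_key(nbytes: int = 42) -> str:
    """A fresh random key suitable for SECRET_KEY (CSPRNG-backed)."""
    return secrets.token_urlsafe(nbytes)
```

Call `enforce_secret_key(app.config["SECRET_KEY"])` before the application starts serving; `validate_secret_key` can also be run over exported configs during an audit.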
Source: opennet.ru