From 6a84cc8a5743ce2ab0e7a00a13d6bea425061bea Mon Sep 17 00:00:00 2001
From: Metasploit
Date: Tue, 12 Sep 2023 18:27:42 -0500
Subject: [PATCH] automatic module_metadata_base.json update
---
db/modules_metadata_base.json | 122 ++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index e7e5b909d7..941b71d5ca 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -17510,6 +17510,70 @@ "session_types": false, "needs_cleanup": false }, + "auxiliary_gather/apache_superset_cookie_sig_priv_esc": { + "name": "Apache Superset Signed Cookie Priv Esc", + "fullname": "auxiliary/gather/apache_superset_cookie_sig_priv_esc", + "aliases": [ + + ], + "rank": 300, + "disclosure_date": "2023-04-25", + "type": "auxiliary", + "author": [ + "h00die", + "paradoxis", + "Spencer McIntyre", + "Naveen Sunkavally" + ], + "description": "Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies.\n These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that\n of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user and retrieve database\n credentials saved in Apache Superset.", + "references": [ + "URL-https://github.com/Paradoxis/Flask-Unsign", + "URL-https://vulcan.io/blog/cve-2023-27524-in-apache-superset-what-you-need-to-know/", + "URL-https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/", + "URL-https://github.com/horizon3ai/CVE-2023-27524/blob/main/CVE-2023-27524.py", + "EDB-51447", + "CVE-2023-27524" + ], + "platform": "", + "arch": "", + "rport": 8088, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": null, + "mod_time": "2023-09-12 15:52:58 +0000", + "path": "/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb", + "is_install_path": true, + "ref_name": "gather/apache_superset_cookie_sig_priv_esc", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + + ], + "SideEffects": [ + "ioc-in-logs" + ] + }, + "session_types": false, + "needs_cleanup": false + }, 
"auxiliary_gather/apple_safari_ftp_url_cookie_theft": { "name": "Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft", "fullname": "auxiliary/gather/apple_safari_ftp_url_cookie_theft", @@ -21827,6 +21891,64 @@ "session_types": false, "needs_cleanup": false }, + "auxiliary_gather/python_flask_cookie_signer": { + "name": "Python Flask Cookie Signer", + "fullname": "auxiliary/gather/python_flask_cookie_signer", + "aliases": [ + + ], + "rank": 300, + "disclosure_date": "2019-01-26", + "type": "auxiliary", + "author": [ + "h00die", + "paradoxis", + "Spencer McIntyre" + ], + "description": "This is a generic module which can manipulate Python Flask-based application cookies.\n The Retrieve action will connect to a web server, grab the cookie, and decode it.\n The Resign action will do the same as above, but after decoding it, it will replace\n the contents with that in NEWCOOKIECONTENT, then sign the cookie with SECRET. This\n cookie can then be used in a browser. This is a Ruby based implementation of some\n of the features in the Python project Flask-Unsign.", + "references": [ + "URL-https://github.com/Paradoxis/Flask-Unsign" + ], + "platform": "", + "arch": "", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": null, + "mod_time": "2023-09-12 15:52:58 +0000", + "path": "/modules/auxiliary/gather/python_flask_cookie_signer.rb", + "is_install_path": true, + "ref_name": "gather/python_flask_cookie_signer", + "check": false, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + + ], + "SideEffects": [ + + ] + }, + "session_types": false, + "needs_cleanup": false + }, "auxiliary_gather/qnap_backtrace_admin_hash": { "name": "QNAP NAS/NVR Administrator Hash Disclosure", "fullname": "auxiliary/gather/qnap_backtrace_admin_hash",