An Improper Input Validation vulnerability in Apache Superset allows an authenticated attacker to create a MariaDB connection with local_infile enabled. By enabling local_infile in the Superset MySQL/MariaDB client and pointing the client to a malicious MySQL server, an attacker may launch “LOAD DATA LOCAL INFILE” (Rogue MySQL Server) attacks, resulting in reading files from the server and inserting their content into a MariaDB database table.
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Valid credentials for a user who can create database connections
- OR: bypassing authentication via a known Flask secret
More details and the exploitation process can be found in this PDF.
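For defenders, the following added example (not code from Superset or from the vendor's disclosure) audits MySQL/MariaDB connection definitions for an enabled local_infile option. It assumes the definition is a SQLAlchemy-style URI plus an optional JSON "extra" blob carrying `engine_params.connect_args`; the function names and sample hosts are hypothetical.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# local_infile: mysqlclient, PyMySQL; allow_local_infile: mysql-connector-python.
RISKY_KEYS = {"local_infile", "allow_local_infile"}


def _enabled(value):
    """Anything except an explicit false-like value counts as enabled."""
    if isinstance(value, str):
        return value.strip().lower() not in {"", "0", "false", "off", "no"}
    return bool(value)


def _walk(obj, path="extra"):
    """Yield (path, value) for each risky key anywhere in nested JSON."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            if key.lower() in RISKY_KEYS:
                yield f"{path}.{key}", val
            yield from _walk(val, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            yield from _walk(val, f"{path}[{i}]")


def find_local_infile(uri, extra_json="{}"):
    """List where a MySQL/MariaDB connection definition enables local_infile."""
    parts = urlsplit(uri)
    if not parts.scheme.lower().startswith(("mysql", "mariadb")):
        return []
    findings = [f"uri.{k}={v}" for k, v in parse_qsl(parts.query, keep_blank_values=True)
                if k.lower() in RISKY_KEYS and _enabled(v)]
    findings += [f"{p}={v!r}" for p, v in _walk(json.loads(extra_json or "{}"))
                 if _enabled(v)]
    return findings


# Constructed sample definitions (hypothetical hosts, not from the page).
SAMPLES = [
    ("mysql://u:p@db.example.internal/app?local_infile=1", "{}"),
    ("mysql+pymysql://u:p@db.example.internal/app",
     '{"engine_params": {"connect_args": {"local_infile": true}}}'),
    ("mysql://u:p@db.example.internal/app?charset=utf8mb4&local_infile=0", "{}"),
]

if __name__ == "__main__":
    for uri, extra in SAMPLES:
        print(uri, "->", find_local_infile(uri, extra) or "ok")
```

Any non-empty result marks a connection definition that should be rejected or reviewed before the client is allowed to connect.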
Bettercap's mysql.server (rogue)
Blog posts from horizon3.ai regarding the exploitation of multiple Superset CVEs from 2023: Part 1 and Part 2