Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention

Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious code.

You can read the full article here.