Description

OpenMetadata suffers from an authentication bypass due to a JWT filter vulnerability. Attackers can manipulate path parameters to skip JWT validation, leading to unauthorized access to arbitrary endpoints, including those vulnerable to SpEL expression injection.

Remediation

Upgrade to OpenMetadata version 1.2.4 or later.

References

Authentication Bypass (`GHSL-2023-237`)

NVD CVE-2024-28255 Detail

Related Vulnerabilities

ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)

WordPress Plugin Elementor Website Builder Security Bypass (1.7.12)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9466)

Microsoft SQL Server Other Vulnerability (CVE-2003-0231)

Severity

Critical

Classification

CVE-2024-28255 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass Known Vulnerabilities