Description

OpenMetadata suffers from an authentication bypass due to a JWT filter vulnerability. Attackers can manipulate path parameters to skip JWT validation, leading to unauthorized access to arbitrary endpoints, including those vulnerable to SpEL expression injection.

Remediation

Upgrade to OpenMetadata version 1.2.4 or later.

References

Authentication Bypass (`GHSL-2023-237`)

NVD CVE-2024-28255 Detail

Related Vulnerabilities

LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)

MediaWiki Other Vulnerability (CVE-2004-2152)

cPanel XSS (CVE-2023-29489)

Severity

Critical

Classification

CVE-2024-28255 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass Known Vulnerabilities