Description

OpenMetadata suffers from an authentication bypass due to a JWT filter vulnerability. Attackers can manipulate path parameters to skip JWT validation, leading to unauthorized access to arbitrary endpoints, including those vulnerable to SpEL expression injection.

Remediation

Upgrade to OpenMetadata version 1.2.4 or later.

References

Authentication Bypass (`GHSL-2023-237`)

NVD CVE-2024-28255 Detail

Related Vulnerabilities

Oracle JRE CVE-2017-10281 Vulnerability (CVE-2017-10281)

Java Denial of Service (DoS) Vulnerability (CVE-2019-2769)

WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361)

WordPress Incorrect Default Permissions Vulnerability (CVE-2011-1762)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27914)

Severity

Critical

Classification

CVE-2024-28255 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass Known Vulnerabilities