CVE-2024-28255 Scanner
CVE-2024-28255 scanner - Unauthorized Admin Access vulnerability in OpenMetadata
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
OpenMetadata is a unified platform for discovery, observability, and governance. It is used by data engineers, analysts, and scientists to manage and understand metadata across their organizations. The platform offers a central metadata repository, in-depth lineage tracking, and team collaboration features. It integrates seamlessly with various data tools and provides comprehensive governance capabilities. Users rely on OpenMetadata for efficient data management and to ensure data quality and compliance.
The unauthorized admin access vulnerability in OpenMetadata allows attackers to bypass authentication mechanisms. By exploiting path parameters, attackers can access arbitrary endpoints without JWT validation. This vulnerability can lead to unauthorized access to critical parts of the application. Users of OpenMetadata versions 1.2.3 and earlier are affected.
The vulnerability lies in the JwtFilter component of OpenMetadata, which handles API authentication by verifying JWT tokens. Attackers can manipulate path parameters to include arbitrary strings, bypassing the JWT validation for excluded endpoints. For example, a crafted request to GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 will be processed without JWT verification. This allows unauthorized access to endpoints, potentially leading to SpEL expression injection. The issue is fixed in version 1.2.4.
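The following Python example is added here to illustrate the defensive side of the bypass described above; it is not code from OpenMetadata or from the S4E scanner. It contrasts two ways of deciding whether a request targets an authentication-exempt route: a substring match on the decoded path (the shape of check the bypass defeats; this is an assumption about the check, not a quote of JwtFilter), and an exact, segment-wise match on the normalized route, computed after dropping ";"-delimited path parameters and resolving dot segments. Running both over constructed access-log lines, one of which is the crafted request quoted in the text, flags paths that only look exempt after decoding. The exclusion list (EXCLUDED_ROUTES) and the log lines are constructed for the example, and the dot-segment case goes beyond the path-parameter case the page describes.

```python
from urllib.parse import unquote

# Assumption: an illustrative list of unauthenticated routes, relative to the
# /api prefix, in the style the page describes; it is not OpenMetadata's real
# exclusion list.
EXCLUDED_ROUTES = ("v1/users/login", "v1/users/signup")

# Constructed sample access-log lines (method, raw request target, version).
# The second line is the crafted request quoted in the page text; the fourth
# is a constructed dot-segment variant of the same idea.
SAMPLE_LOG = """\
GET /api/v1/users/login HTTP/1.1
GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 HTTP/1.1
GET /api/v1/events/subscriptions/validation/condition/111 HTTP/1.1
GET /api/v1/users/login/../../events/subscriptions/validation/condition/111 HTTP/1.1
"""


def route_segments(raw_target):
    """Reduce a raw request target to the route segments a router dispatches on.

    Path (matrix) parameters (";..." after a segment) are dropped before
    percent-decoding, so an encoded slash inside a parameter value cannot
    create new segments; "." and ".." segments are resolved.
    """
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]   # path parameters are not part of the route
        seg = unquote(seg)           # decode after the split: %2f stays inside its segment
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return segments


def naive_excluded(raw_target, excluded=EXCLUDED_ROUTES):
    """Substring match on the decoded path: the kind of check the bypass defeats (assumption)."""
    decoded = unquote(raw_target)
    return any(route in decoded for route in excluded)


def strict_excluded(raw_target, excluded=EXCLUDED_ROUTES):
    """Exact, segment-wise match against the normalized route under the /api prefix."""
    segments = route_segments(raw_target)
    return any(segments == ["api"] + route.split("/") for route in excluded)


def classify(line):
    """Evaluate one log line with both checks and mark disagreements as suspicious."""
    method, raw_target = line.split()[:2]
    naive = naive_excluded(raw_target)
    strict = strict_excluded(raw_target)
    return {
        "method": method,
        "path": raw_target,
        "naive_skips_auth": naive,
        "strict_skips_auth": strict,
        # A path that resembles an exempt route after decoding but does not
        # dispatch to one is the bypass pattern worth alerting on.
        "suspicious": naive and not strict,
    }


def audit(log_text):
    """Return the entries whose raw path mimics an exempt route without being one."""
    entries = (classify(line) for line in log_text.splitlines() if line.strip())
    return [entry for entry in entries if entry["suspicious"]]


if __name__ == "__main__":
    for entry in audit(SAMPLE_LOG):
        print("ALERT path-parameter auth-bypass pattern:", entry["method"], entry["path"])
```

The design point is that an authentication exemption must be decided on the same normalized route the application dispatches on, and by exact match rather than containment; decoding before stripping path parameters, or matching substrings of the raw path, lets attacker-controlled text inside a parameter satisfy the check. The same comparison, run over real access logs, gives a cheap retrospective indicator for the pattern in question.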
Exploitation of this vulnerability can result in unauthorized access to sensitive endpoints. Attackers could gain admin-level access, execute arbitrary code, and compromise the integrity and confidentiality of the system. This could lead to data breaches, unauthorized data modifications, and disruption of services.
By joining the S4E platform, you can protect your digital assets with comprehensive vulnerability scanning and reporting. Our platform provides in-depth analyses, actionable remediation steps, and continuous monitoring to safeguard your applications. Stay ahead of potential threats and ensure the security and compliance of your systems. Become a member today and benefit from our extensive cybersecurity expertise.
References:
- https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L111
- https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L113
- https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84
- https://nvd.nist.gov/vuln/detail/CVE-2024-28255
- https://github.com/wy876/wiki