Search criteria
33 vulnerabilities found for datahub by datahub_project
FKIE_CVE-2024-22409
Vulnerability from fkie_nvd - Published: 2024-01-16 23:15 - Updated: 2024-11-21 08:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| datahub_project | datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1",
"versionEndExcluding": "0.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user\u0027s profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade."
},
{
"lang": "es",
"value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. En las versiones afectadas, un usuario con pocos privilegios pod\u00eda eliminar a un usuario, editar miembros del grupo o editar la informaci\u00f3n del perfil de otro usuario. Los privilegios predeterminados otorgaban demasiados permisos amplios a usuarios con pocos privilegios. Estos se han restringido en el PR #9067 para evitar abusos. Este problema puede provocar una escalada de privilegios para usuarios con privilegios inferiores hasta privilegios de administrador, potencialmente, si existe un grupo con privilegios de administrador. Puede que no afecte a las instancias que han modificado los privilegios predeterminados. Este problema se solucion\u00f3 en la versi\u00f3n 0.12.1 de DataHub. Se recomienda a los usuarios que actualicen."
}
],
"id": "CVE-2024-22409",
"lastModified": "2024-11-21T08:56:13.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T23:15:08.900",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47640
Vulnerability from fkie_nvd - Published: 2023-11-14 21:15 - Updated: 2024-11-21 08:30
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| datahub_project | datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9EC1A2-5DA6-4B23-9C0D-D93095C69C6A",
"versionEndExcluding": "0.11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. La firma HMAC para las sesiones de DataHub Frontend se firmaba utilizando un HMAC SHA-1 con la clave secreta de frontend. SHA1 con una clave de 10 bytes puede ser forzado de forma bruta utilizando recursos suficientes (es decir, actores a nivel de estado con grandes capacidades computacionales). DataHub Frontend estaba utilizando Play LegacyCookiesModule con configuraci\u00f3n predeterminada que utiliza SHA1 HMAC para firmar. Esto se ve agravado por el uso de una longitud de clave m\u00e1s corta que la recomendada de forma predeterminada para la clave de firma para el valor secreto aleatorio. Un atacante autenticado (o un atacante que de otro modo haya obtenido un token de sesi\u00f3n) podr\u00eda descifrar la clave de firma de DataHub y obtener privilegios escalados generando una cookie de sesi\u00f3n privilegiada. Debido a que la longitud de la clave es parte del riesgo, las implementaciones deben actualizarse al gr\u00e1fico de tim\u00f3n m\u00e1s reciente y rotar su secreto de firma de sesi\u00f3n. Todas las implementaciones que utilizan las configuraciones predeterminadas del gr\u00e1fico de tim\u00f3n para generar la clave secreta de Play utilizada para firmar se ven afectadas por esta vulnerabilidad. La versi\u00f3n 0.11.1 resuelve esta vulnerabilidad. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47640",
"lastModified": "2024-11-21T08:30:35.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T21:15:13.517",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47628
Vulnerability from fkie_nvd - Published: 2023-11-14 01:15 - Updated: 2024-11-21 08:30
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| datahub_project | datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1",
"versionEndExcluding": "0.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. DataHub Frontend\u0027s sessions are configured using Play Framework\u0027s default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. Las sesiones de DataHub Frontend se configuran utilizando la configuraci\u00f3n predeterminada de Play Framework para sesiones sin estado que no establecen un tiempo de vencimiento para una cookie. Debido a esto, si alguna vez se filtrara una cookie de sesi\u00f3n, ser\u00eda v\u00e1lida para siempre. DataHub utiliza una cookie de sesi\u00f3n sin estado que no se invalida al cerrar sesi\u00f3n, simplemente se elimina del navegador y obliga al usuario a iniciar sesi\u00f3n nuevamente. Sin embargo, si un atacante extrae una cookie de un usuario autenticado, seguir\u00e1 siendo v\u00e1lida ya que no hay validaci\u00f3n en una ventana de tiempo para la cual el token de sesi\u00f3n es v\u00e1lido debido a una combinaci\u00f3n del uso de LegacyCookiesModule de Play Framework y el uso de configuraciones predeterminadas que no establezca un tiempo de vencimiento. Todas las instancias de DataHub anteriores al parche que eliminaron al usuario de DataHub, pero no las pol\u00edticas predeterminadas que se aplican a ese usuario, se ven afectadas. Se recomienda a los usuarios que actualicen a la versi\u00f3n 0.12.1, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47628",
"lastModified": "2024-11-21T08:30:33.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T01:15:08.137",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-47629
Vulnerability from fkie_nvd - Published: 2023-11-14 01:15 - Updated: 2024-11-21 08:30
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| datahub_project | datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1",
"versionEndExcluding": "0.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. En las versiones afectadas, el registro a trav\u00e9s de un enlace de invitaci\u00f3n no restringe adecuadamente que los usuarios se registren como cuentas privilegiadas. Si un usuario recibe un enlace de registro de correo electr\u00f3nico, potencialmente puede crear una cuenta de administrador dadas ciertas condiciones previas. Si se elimin\u00f3 el usuario predeterminado del centro de datos, entonces el usuario puede registrarse para obtener una cuenta que aproveche las pol\u00edticas predeterminadas que otorgan privilegios de administrador al usuario del centro de datos. Todas las instancias de DataHub anteriores al parche que eliminaron al usuario de DataHub, pero no las pol\u00edticas predeterminadas que se aplican a ese usuario, se ven afectadas. Se recomienda a los usuarios que actualicen a la versi\u00f3n 0.12.1, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-47629",
"lastModified": "2024-11-21T08:30:33.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T01:15:08.350",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25559
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2025-12-03 21:05
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1AD51D-2FDE-4A9F-B2CB-EBAC66BBE6C8",
"versionEndExcluding": "0.8.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079."
}
],
"id": "CVE-2023-25559",
"lastModified": "2025-12-03T21:05:03.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.530",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25557
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2025-12-03 21:05
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1AD51D-2FDE-4A9F-B2CB-EBAC66BBE6C8",
"versionEndExcluding": "0.8.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076."
}
],
"id": "CVE-2023-25557",
"lastModified": "2025-12-03T21:05:03.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.353",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25561
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2025-12-03 21:05
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1AD51D-2FDE-4A9F-B2CB-EBAC66BBE6C8",
"versionEndExcluding": "0.8.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081."
}
],
"id": "CVE-2023-25561",
"lastModified": "2025-12-03T21:05:03.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.690",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25560
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2025-12-03 21:05
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1AD51D-2FDE-4A9F-B2CB-EBAC66BBE6C8",
"versionEndExcluding": "0.8.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080."
}
],
"id": "CVE-2023-25560",
"lastModified": "2025-12-03T21:05:03.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.610",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25562
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2025-12-03 21:05
Severity ?
6.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1AD51D-2FDE-4A9F-B2CB-EBAC66BBE6C8",
"versionEndExcluding": "0.8.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083."
}
],
"id": "CVE-2023-25562",
"lastModified": "2025-12-03T21:05:03.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.770",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-25558
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2024-11-21 07:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| datahub_project | datahub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2708E599-3544-42CD-9C8F-77505D536A47",
"versionEndExcluding": "0.9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086."
}
],
"id": "CVE-2023-25558",
"lastModified": "2024-11-21T07:49:43.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:26.437",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
CVE-2024-22409 (GCVE-0-2024-22409)
Vulnerability from cvelistv5 – Published: 2024-01-16 22:16 – Updated: 2025-06-17 21:19
VLAI?
Summary
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
Severity ?
7.5 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
},
{
"name": "https://github.com/datahub-project/datahub/pull/9067",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T22:11:46.884647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:16.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user\u0027s profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T22:16:48.690Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
},
{
"name": "https://github.com/datahub-project/datahub/pull/9067",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
}
],
"source": {
"advisory": "GHSA-x3v6-r479-m4xv",
"discovery": "UNKNOWN"
},
"title": "Default Privileges allow for high level operations for low privileged users in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22409",
"datePublished": "2024-01-16T22:16:48.690Z",
"dateReserved": "2024-01-10T15:09:55.550Z",
"dateUpdated": "2025-06-17T21:19:16.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47640 (GCVE-0-2023-47640)
Vulnerability from cvelistv5 – Published: 2023-11-14 20:55 – Updated: 2025-01-07 19:13
VLAI?
Summary
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
6.4 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-22T19:16:08.079768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:13:55.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T20:55:02.080Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
}
],
"source": {
"advisory": "GHSA-fg9x-wvqw-6gmw",
"discovery": "UNKNOWN"
},
"title": "Insecure Use of HMAC-SHA1 For Session Signing in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47640",
"datePublished": "2023-11-14T20:55:02.080Z",
"dateReserved": "2023-11-07T16:57:49.245Z",
"dateUpdated": "2025-01-07T19:13:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47628 (GCVE-0-2023-47628)
Vulnerability from cvelistv5 – Published: 2023-11-14 00:33 – Updated: 2024-09-03 14:35
VLAI?
Summary
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
4.2 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:35:18.972029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:35:43.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. DataHub Frontend\u0027s sessions are configured using Play Framework\u0027s default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T00:33:12.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
}
],
"source": {
"advisory": "GHSA-75p8-rgh2-r9mx",
"discovery": "UNKNOWN"
},
"title": "Session Expiration Misconfiguration in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47628",
"datePublished": "2023-11-14T00:33:12.602Z",
"dateReserved": "2023-11-07T16:57:49.244Z",
"dateUpdated": "2024-09-03T14:35:43.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47629 (GCVE-0-2023-47629)
Vulnerability from cvelistv5 – Published: 2023-11-14 00:32 – Updated: 2024-09-03 14:41
VLAI?
Summary
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:40:48.214039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:41:13.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T00:32:12.079Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"source": {
"advisory": "GHSA-vj59-23ww-p6c8",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation through email sign-up in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47629",
"datePublished": "2023-11-14T00:32:12.079Z",
"dateReserved": "2023-11-07T16:57:49.244Z",
"dateUpdated": "2024-09-03T14:41:13.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25557 (GCVE-0-2023-25557)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.
Severity ?
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:53.888034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:15.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:09.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
}
],
"source": {
"advisory": "GHSA-5w2h-q83m-65xg",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25557",
"datePublished": "2023-02-10T22:03:09.214Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:15.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25558 (GCVE-0-2023-25558)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
},
{
"name": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:59.179452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:21.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:07.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
},
{
"name": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
}
],
"source": {
"advisory": "GHSA-hrwp-2q5c-86wv",
"discovery": "UNKNOWN"
},
"title": "Deserialization of untrusted data in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25558",
"datePublished": "2023-02-10T22:03:07.330Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:21.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25559 (GCVE-0-2023-25559)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079.
Severity ?
8.2 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:02.079820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:27.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:05.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
}
],
"source": {
"advisory": "GHSA-qgp2-qr66-j8r8",
"discovery": "UNKNOWN"
},
"title": "System account impersonation in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25559",
"datePublished": "2023-02-10T22:03:05.646Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:27.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25560 (GCVE-0-2023-25560)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080.
Severity ?
8.2 (High)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:04.984418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:33.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:03.926Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
}
],
"source": {
"advisory": "GHSA-6rpf-5cfg-h8f3",
"discovery": "UNKNOWN"
},
"title": "JSON Injection in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25560",
"datePublished": "2023-02-10T22:03:03.926Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:33.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25561 (GCVE-0-2023-25561)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.
Severity ?
5.7 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
},
{
"name": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:07.710556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:40.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:02.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
},
{
"name": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
}
],
"source": {
"advisory": "GHSA-7wc6-p6c4-522c",
"discovery": "UNKNOWN"
},
"title": "Login fail open on JAAS misconfiguration in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25561",
"datePublished": "2023-02-10T22:03:02.527Z",
"dateReserved": "2023-02-07T17:10:00.734Z",
"dateUpdated": "2025-03-10T21:13:40.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25562 (GCVE-0-2023-25562)
Vulnerability from cvelistv5 – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083.
Severity ?
6.9 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
},
{
"name": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:10.079230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:45.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:00.889Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
},
{
"name": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
}
],
"source": {
"advisory": "GHSA-3974-hxjh-m3jj",
"discovery": "UNKNOWN"
},
"title": "Failure to Invalidate Session on Logout in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25562",
"datePublished": "2023-02-10T22:03:00.889Z",
"dateReserved": "2023-02-07T17:10:00.735Z",
"dateUpdated": "2025-03-10T21:13:45.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22409 (GCVE-0-2024-22409)
Vulnerability from nvd – Published: 2024-01-16 22:16 – Updated: 2025-06-17 21:19
VLAI?
Summary
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
Severity ?
7.5 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
},
{
"name": "https://github.com/datahub-project/datahub/pull/9067",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T22:11:46.884647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:16.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user\u0027s profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T22:16:48.690Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv"
},
{
"name": "https://github.com/datahub-project/datahub/pull/9067",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/pull/9067"
}
],
"source": {
"advisory": "GHSA-x3v6-r479-m4xv",
"discovery": "UNKNOWN"
},
"title": "Default Privileges allow for high level operations for low privileged users in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22409",
"datePublished": "2024-01-16T22:16:48.690Z",
"dateReserved": "2024-01-10T15:09:55.550Z",
"dateUpdated": "2025-06-17T21:19:16.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47640 (GCVE-0-2023-47640)
Vulnerability from nvd – Published: 2023-11-14 20:55 – Updated: 2025-01-07 19:13
VLAI?
Summary
DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
6.4 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-22T19:16:08.079768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:13:55.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T20:55:02.080Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-fg9x-wvqw-6gmw"
}
],
"source": {
"advisory": "GHSA-fg9x-wvqw-6gmw",
"discovery": "UNKNOWN"
},
"title": "Insecure Use of HMAC-SHA1 For Session Signing in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47640",
"datePublished": "2023-11-14T20:55:02.080Z",
"dateReserved": "2023-11-07T16:57:49.245Z",
"dateUpdated": "2025-01-07T19:13:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47628 (GCVE-0-2023-47628)
Vulnerability from nvd – Published: 2023-11-14 00:33 – Updated: 2024-09-03 14:35
VLAI?
Summary
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
4.2 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:35:18.972029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:35:43.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. DataHub Frontend\u0027s sessions are configured using Play Framework\u0027s default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T00:33:12.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx"
}
],
"source": {
"advisory": "GHSA-75p8-rgh2-r9mx",
"discovery": "UNKNOWN"
},
"title": "Session Expiration Misconfiguration in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47628",
"datePublished": "2023-11-14T00:33:12.602Z",
"dateReserved": "2023-11-07T16:57:49.244Z",
"dateUpdated": "2024-09-03T14:35:43.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47629 (GCVE-0-2023-47629)
Vulnerability from nvd – Published: 2023-11-14 00:32 – Updated: 2024-09-03 14:41
VLAI?
Summary
DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.12.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47629",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:40:48.214039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:41:13.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T00:32:12.079Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8"
}
],
"source": {
"advisory": "GHSA-vj59-23ww-p6c8",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation through email sign-up in datahub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47629",
"datePublished": "2023-11-14T00:32:12.079Z",
"dateReserved": "2023-11-07T16:57:49.244Z",
"dateUpdated": "2024-09-03T14:41:13.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25561 (GCVE-0-2023-25561)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.
Severity ?
5.7 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
},
{
"name": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:07.710556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:40.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:02.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c"
},
{
"name": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java#L26"
}
],
"source": {
"advisory": "GHSA-7wc6-p6c4-522c",
"discovery": "UNKNOWN"
},
"title": "Login fail open on JAAS misconfiguration in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25561",
"datePublished": "2023-02-10T22:03:02.527Z",
"dateReserved": "2023-02-07T17:10:00.734Z",
"dateUpdated": "2025-03-10T21:13:40.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25557 (GCVE-0-2023-25557)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.
Severity ?
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:53.888034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:15.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request from originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:09.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg"
}
],
"source": {
"advisory": "GHSA-5w2h-q83m-65xg",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25557",
"datePublished": "2023-02-10T22:03:09.214Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:15.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25562 (GCVE-0-2023-25562)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083.
Severity ?
6.9 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
},
{
"name": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:10.079230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:45.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:00.889Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj"
},
{
"name": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78"
}
],
"source": {
"advisory": "GHSA-3974-hxjh-m3jj",
"discovery": "UNKNOWN"
},
"title": "Failure to Invalidate Session on Logout in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25562",
"datePublished": "2023-02-10T22:03:00.889Z",
"dateReserved": "2023-02-07T17:10:00.735Z",
"dateUpdated": "2025-03-10T21:13:45.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25559 (GCVE-0-2023-25559)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079.
Severity ?
8.2 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:02.079820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:27.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:05.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8"
}
],
"source": {
"advisory": "GHSA-qgp2-qr66-j8r8",
"discovery": "UNKNOWN"
},
"title": "System account impersonation in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25559",
"datePublished": "2023-02-10T22:03:05.646Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:27.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25560 (GCVE-0-2023-25560)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080.
Severity ?
8.2 (High)
CWE
- CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.8.45
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:04.984418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:33.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:03.926Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3"
}
],
"source": {
"advisory": "GHSA-6rpf-5cfg-h8f3",
"discovery": "UNKNOWN"
},
"title": "JSON Injection in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25560",
"datePublished": "2023-02-10T22:03:03.926Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:33.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25558 (GCVE-0-2023-25558)
Vulnerability from nvd – Published: 2023-02-10 22:03 – Updated: 2025-03-10 21:13
VLAI?
Summary
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| datahub-project | datahub |
Affected:
< 0.9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
},
{
"name": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:57:59.179452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:13:21.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datahub",
"vendor": "datahub-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claims value start with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T22:03:07.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv"
},
{
"name": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f"
}
],
"source": {
"advisory": "GHSA-hrwp-2q5c-86wv",
"discovery": "UNKNOWN"
},
"title": "Deserialization of untrusted data in DataHub"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25558",
"datePublished": "2023-02-10T22:03:07.330Z",
"dateReserved": "2023-02-07T17:10:00.733Z",
"dateUpdated": "2025-03-10T21:13:21.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}