CVE-2024-28253
CVSS V2 None
CVSS V3 None
Description
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2024-28253
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-15T19:55:39.720Z
- Last Modified Date
- 2024-03-15T19:55:39.720Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-28253 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28253 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 07:45:07 | Added to TrackCVE |