CVE-2022-39366

🗓️ 28 Oct 2022 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 83 Views

DataHub Metadata Service GMS prior to v0.8.45 allows authentication bypass via JWT token signature verification flaw

Reporter	Title	Published	Views	Family All 11
CNNVD	DataHub 数据伪造问题漏洞	28 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-39366 DataHub missing JWT signature check	28 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-7158	3 Oct 202520:07	–	euvd
Github Security Blog	acryl-datahub missing JWT signature check	31 Oct 202222:42	–	github
NVD	CVE-2022-39366	28 Oct 202217:15	–	nvd
OSV	CVE-2022-39366 DataHub missing JWT signature check	28 Oct 202200:00	–	osv
OSV	GHSA-R8GM-V65F-C973 acryl-datahub missing JWT signature check	31 Oct 202222:42	–	osv
Prion	Authentication flaw	28 Oct 202217:15	–	prion
Positive Technologies	PT-2022-24933	28 Oct 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-39366	5 Feb 202519:37	–	redhatcve

NVD

Vulners

Node

datahub datahubRange<0.8.45

[
  {
    "vendor": "datahub-project",
    "product": "datahub",
    "versions": [
      {
        "version": "< 0.8.45",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/metadata-service/auth-impl/src/main/java/com/datahub/authentication/token/StatelessTokenService.java
github	www.github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/metadata-service/auth-impl/src/main/java/com/datahub/authentication/token/StatelessTokenService.java
github	www.github.com/datahub-project/datahub/releases/tag/v0.8.45
github	www.github.com/datahub-project/datahub/security/advisories/GHSA-r8gm-v65f-c973
codeql	www.codeql.github.com/codeql-query-help/java/java-missing-jwt-signature-check/

03 Dec 2025 21:05Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.8 - 9.9

EPSS0.00958

SSVC

datahub metadata service gms cve-2022-39366 authentication bypass jwt signature verification vulnerability