CVE-2023-25561

🗓️ 11 Feb 2023 01:26:23Reported by GitHub_MType

DataHub allows unauthenticated access due to JAAS authentication error

Reporter	Title	Published	Views	Family All 6
NVD	CVE-2023-25561	11 Feb 202301:23	–	nvd
OSV	CVE-2023-25561	11 Feb 202301:23	–	osv
Vulnrichment	CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub	10 Feb 202322:03	–	vulnrichment
Prion	Authentication flaw	11 Feb 202301:23	–	prion
Cvelist	CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub	10 Feb 202322:03	–	cvelist
Github Security Blog	GitHub Security Lab audited DataHub: Here’s what they found	3 Mar 202319:53	–	github

Nvd

Vulners

Node

datahub_project datahubRange<0.8.45

[
  {
    "vendor": "datahub-project",
    "product": "datahub",
    "versions": [
      {
        "version": "< 0.8.45",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c
github	www.github.com/datahub-project/datahub/blob/fdf4e48495f083314f59c414bcc7c2601633a2b8/datahub-frontend/app/security/AuthenticationManager.java

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Feb 2023 01:23Current

7.9High risk

Vulners AI Score7.9

CVSS35.7 - 9.8

EPSS0.00185

SSVC

CWE-755