Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:51 p.m.7 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 4:51 p.m.8 views

CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/21 4:36 p.m.12 views

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/21 4:36 p.m.9 views

GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42613

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder