Lucene search
K

8 matches found

0day.today
0day.today
added 2024/08/15 12:0 a.m.373 views

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit

This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS9.7AI score0.73255EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/08/15 12:0 a.m.276 views

OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMetadata authentication bypass and SpEL injection exploit chain', 'Description' = %q OpenMetadata is a unified platform for discovery,...

9.8CVSS7AI score0.73255EPSS
Exploits5
Metasploit
Metasploit
added 2024/08/14 6:52 p.m.222 views

OpenMetadata authentication bypass and SpEL injection exploit chain

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vulnerabilities that exist in the OpenMetadata aplication. The first vulnerability, CVE-2024-28255,...

9.8CVSS9.7AI score0.73255EPSS
Exploits5
GithubExploit
GithubExploit
added 2024/04/12 4:29 a.m.737 views

Exploit for CVE-2024-28255

OpenMetadataRCE CVE-2024-28255 Batch scan/exploit 1.このツー...

9.8CVSS9.6AI score0.73255EPSS
Exploits5
Circl
Circl
added 2024/03/15 9:22 p.m.13 views

CVE-2024-28255

creationtimestamp| type| source ---|---|--- 2024-03-15 21:22:17+00:00| seen| https://t.me/ctinow/209161 2024-03-15 21:26:30+00:00| seen| https://t.me/ctinow/209174 2024-04-06 20:48:17+00:00| seen| https://t.me/arpsyndicate/4375 2024-04-07 13:48:20+00:00| published-proof-of-concept|...

9.8CVSS7.1AI score0.73255EPSS
In wildExploits5References13
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.43 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.8AI score0.73255EPSS
Exploits5References3
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.42 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS10AI score0.73255EPSS
Exploits5References3
CVE
CVE
added 2024/03/15 7:55 p.m.233 views

CVE-2024-28255

OpenMetadata contains a flaw in the JwtFilter authentication check: the code may treat certain requests as excluded endpoints due to path parameters, allowing requests to bypass JWT validation and reach protected endpoints. The issue enables authentication bypass and, in combination with SpEL inj...

9.8CVSS9.8AI score0.73255EPSS
In wildExploits5References4Affected Software1
Rows per page
Query Builder