8 matches found
OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit
This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMetadata authentication bypass and SpEL injection exploit chain', 'Description' = %q OpenMetadata is a unified platform for discovery,...
OpenMetadata authentication bypass and SpEL injection exploit chain
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. This module chains two vulnerabilities that exist in the OpenMetadata aplication. The first vulnerability, CVE-2024-28255,...
Exploit for CVE-2024-28255
OpenMetadataRCE CVE-2024-28255 Batch scan/exploit 1.このツー...
CVE-2024-28255
creationtimestamp| type| source ---|---|--- 2024-03-15 21:22:17+00:00| seen| https://t.me/ctinow/209161 2024-03-15 21:26:30+00:00| seen| https://t.me/ctinow/209174 2024-04-06 20:48:17+00:00| seen| https://t.me/arpsyndicate/4375 2024-04-07 13:48:20+00:00| published-proof-of-concept|...
CVE-2024-28255 Authentication Bypass in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...
CVE-2024-28255 Authentication Bypass in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...
CVE-2024-28255
OpenMetadata contains a flaw in the JwtFilter authentication check: the code may treat certain requests as excluded endpoints due to path parameters, allowing requests to bypass JWT validation and reach protected endpoints. The issue enables authentication bypass and, in combination with SpEL inj...