3 matches found
CVE-2023-25557
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...
Design/Logic Flaw
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...
CVE-2023-25557
Summary: CVE-2023-25557 affects DataHub’s frontend proxy, which forwards REST/GraphQL requests to the DataHub Metadata Store (GMS). The proxy may mishandle URL construction when relaying requests, enabling a Server-Side Request Forgery (SSRF) where an attacker could redirect a frontend-originated...