3 matches found
CVE-2023-25559
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service GMS will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...
CVE-2023-25559 System account impersonation in DataHub
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service GMS will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...
CVE-2023-25559
CVE-2023-25559 – DataHub authorization bypass via case-insensitive X-DataHub-Actor header. DataHub’s GMS metadata service, when authentication is not used, reads the X-DataHub-Actor header to identify the acting user. The header name is matched in a case-insensitive manner, allowing an attacker t...