Lucene search
K

5 matches found

NVD
NVD
added 2023/02/11 1:23 a.m.56 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8CVSS6.9AI score0.00392EPSS
Exploits0References2
Prion
Prion
added 2023/02/11 1:23 a.m.24 views

Authentication flaw

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

7.5CVSS9.7AI score0.00392EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/10 10:3 p.m.46 views

CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

5.7CVSS10AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2023/02/10 10:3 p.m.55 views

CVE-2023-25561

CVE-2023-25561 affects DataHub. If JAAS authentication is used and the JAAS configuration has an error, authenticateJaasUser swallows the error, causing authentication to fail open and allowing unauthenticated logins with any username/password. Advisories from NVD/Red Hat/PRION note upgrading Dat...

9.8CVSS7.9AI score0.00392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/10 10:3 p.m.39 views

CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

5.7CVSS9.3AI score0.00392EPSS
Exploits0References4
Rows per page
Query Builder