5 matches found
CVE-2023-25561
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...
Authentication flaw
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...
CVE-2023-25561
CVE-2023-25561 affects DataHub. If JAAS authentication is used and the JAAS configuration has an error, authenticateJaasUser swallows the error, causing authentication to fail open and allowing unauthenticated logins with any username/password. Advisories from NVD/Red Hat/PRION note upgrading Dat...
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...