2 matches found
Authentication flaw
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...
CVE-2023-25562
DataHub (open-source metadata platform) before version 0.8.45 is vulnerable to an authentication bypass. The root cause is that session cookies are cleared only on new sign-ins and not on logout, allowing a cookie from a logged-out session to be treated as valid by checks using AuthUtils.hasValid...