4 matches found
CVE-2023-25558
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...
Design/Logic Flaw
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...
CVE-2023-25558 Deserialization of untrusted data in DataHub
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...
CVE-2023-25558
CVE-2023-25558 affects the DataHub open-source metadata platform. When the DataHub frontend uses SSO, it relies on the pac4j library to process id_token claims. If a claim begins with the {#sb64} prefix, pac4j may deserialize it as a Java object, enabling potential Remote Code Execution (RCE). A ...