Lucene search
K

4 matches found

NVD
NVD
added 2023/02/11 1:23 a.m.31 views

CVE-2023-25558

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

8.8CVSS8.2AI score0.01034EPSS
Exploits0References2
Prion
Prion
added 2023/02/11 1:23 a.m.16 views

Design/Logic Flaw

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

6.5CVSS8.9AI score0.01034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/10 10:3 p.m.29 views

CVE-2023-25558 Deserialization of untrusted data in DataHub

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

7.5CVSS9.2AI score0.01034EPSS
Exploits0References2
CVE
CVE
added 2023/02/10 10:3 p.m.47 views

CVE-2023-25558

CVE-2023-25558 affects the DataHub open-source metadata platform. When the DataHub frontend uses SSO, it relies on the pac4j library to process id_token claims. If a claim begins with the {#sb64} prefix, pac4j may deserialize it as a Java object, enabling potential Remote Code Execution (RCE). A ...

8.8CVSS8.5AI score0.01034EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder