Lucene search
K

5 matches found

Nuclei
Nuclei
added yesterday290 views

OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.1AI score0.73255EPSS
Exploits5References5
CVE
CVE
added 2024/03/15 7:55 p.m.233 views

CVE-2024-28255

OpenMetadata contains a flaw in the JwtFilter authentication check: the code may treat certain requests as excluded endpoints due to path parameters, allowing requests to bypass JWT validation and reach protected endpoints. The issue enables authentication bypass and, in combination with SpEL inj...

9.8CVSS9.8AI score0.73255EPSS
In wildExploits5References4Affected Software1
Cvelist
Cvelist
added 2024/03/15 7:55 p.m.41 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS10AI score0.73255EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.43 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS7.8AI score0.73255EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2024/03/15 12:0 a.m.870 views

CVE-2024-28255

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

9.8CVSS9.9AI score0.73255EPSS
In wildExploits5References4
Rows per page
Query Builder