CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

975 matches found

SUSE CVE•added 2023/02/15 3:43 a.m.•4 views

SUSE CVE-2021-29428

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...

8.8CVSS9.1AI score0.00089EPSS

Exploits1References4

NVD•added 2023/02/11 1:23 a.m.•8 views

CVE-2023-25562

DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...

9.8CVSS7.6AI score0.00135EPSS

Exploits0References2

NVD•added 2023/02/11 1:23 a.m.•10 views

CVE-2023-25558

DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the idtoken is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the...

8.8CVSS8.2AI score0.04227EPSS

Exploits0References2

NVD•added 2023/02/11 1:23 a.m.•8 views

CVE-2023-25559

DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service GMS will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...

8.2CVSS8.4AI score0.00203EPSS

Exploits0References1

NVD•added 2023/02/11 1:23 a.m.•9 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8CVSS6.9AI score0.00297EPSS

Exploits0References2

NVD•added 2023/02/11 1:23 a.m.•12 views

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

9.1CVSS8AI score0.00477EPSS

Exploits0References1

Prion•added 2023/02/11 1:23 a.m.•26 views

Design/Logic Flaw

6.4CVSS9.2AI score0.00477EPSS

Exploits0References1Affected Software1

Prion•added 2023/02/11 1:23 a.m.•11 views

Authentication flaw

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

7.5CVSS9.7AI score0.00342EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/02/10 10:3 p.m.•12 views

CVE-2023-25557 Server-Side Request Forgery in DataHub

7.5CVSS9.5AI score0.00477EPSS

Exploits0References1

Vulnrichment•added 2023/02/10 10:3 p.m.•5 views

CVE-2023-25557 Server-Side Request Forgery in DataHub

7.5CVSS8.2AI score0.00477EPSS

Exploits0References1

CVE•added 2023/02/10 10:3 p.m.•41 views

CVE-2023-25557

Summary: CVE-2023-25557 affects DataHub’s frontend proxy, which forwards REST/GraphQL requests to the DataHub Metadata Store (GMS). The proxy may mishandle URL construction when relaying requests, enabling a Server-Side Request Forgery (SSRF) where an attacker could redirect a frontend-originated...

9.1CVSS8.7AI score0.00477EPSS

Exploits0References1Affected Software1