6 matches found
CVE-2026-49298
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...
CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...
CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...
GHSA-35VC-W93W-75C2 JWT leak via Open Redirect in Programmatic access
Impact Using programmatic access on protected sites, one can get a signed login URL with pomeriumredirecturi set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomeriumredirecturi with a JWT attached. This allows an outside attack...
Open Redirect
github.com/pomerium/pomerium is vulnerable to open redirect. When using programmatic login, it does not restrict a signed login URL to redirect a victim to the attacker’s site and eventually can cause a JWT leakage...