Lucene search
+L
Datahub ProjectDatahub

5 matches found

CVE
CVE
added 2024/01/16 10:16 p.m.209 views

CVE-2024-22409

DataHub (open‑source metadata platform) has a privilege‑escalation issue in affected versions where a low‑privileged user could remove a user, edit group members, or edit another user’s profile information due to overly broad default privileges. The root cause is tied to default permissions being...

8.8CVSS8.7AI score0.00652EPSS
CVE
CVE
added 2023/11/14 12:32 a.m.53 views

CVE-2023-47629

Summary: CVE-2023-47629 affects DataHub, where sign-up via an invite link can let a user create an admin account under certain preconditions, if the default DataHub user was removed but default policies remain. This can enable privilege escalation to admin level on affected installations. Affecte...

8CVSS7.3AI score0.00472EPSS
CVE
CVE
added 2023/11/14 8:55 p.m.51 views

CVE-2023-47640

DataHub (front-end) is affected by CVE-2023-47640 due to insecure use of HMAC-SHA1 for session signing. The Frontend uses Play LegacyCookiesModule with SHA1 signing and a short signing key, enabling brute-force attempts to recover the signing key and escalate privileges via a privileged session c...

8.8CVSS7.3AI score0.00363EPSS
CVE
CVE
added 2023/02/10 10:3 p.m.48 views

CVE-2023-25558

CVE-2023-25558 affects the DataHub open-source metadata platform. When the DataHub frontend uses SSO, it relies on the pac4j library to process id_token claims. If a claim begins with the {#sb64} prefix, pac4j may deserialize it as a Java object, enabling potential Remote Code Execution (RCE). A ...

8.8CVSS8.5AI score0.01034EPSS
CVE
CVE
added 2023/11/14 12:33 a.m.42 views

CVE-2023-47628

CVE-2023-47628 describes a session-management flaw in DataHub Frontend where Play Framework default settings create a stateless cookie without expiration. The root cause is a cookie policy that does not set an expiration time, compounded by use of LegacyCookiesModule, making a leaked session cook...

4.8CVSS4.6AI score0.00379EPSS