Datahub Security Vulnerabilities and Issues — Datahub CVE List

Lucene search

Datahub ProjectDatahub

3 matches found

CVE•added 2023/11/14 1:15 a.m.•37 views

CVE-2023-47629

DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default...

8CVSS7.3AI score0.00169EPSS

CVE•added 2023/11/14 9:15 p.m.•27 views

CVE-2023-47640

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). Dat...

8.8CVSS7.3AI score0.0005EPSS

CVE•added 2023/11/14 1:15 a.m.•26 views

CVE-2023-47628

DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a statel...

4.8CVSS4.6AI score0.00118EPSS