CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Inserito da Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability, which was classified as very critical, was found in open-metadata OpenMetadata up to 1.2.3. Affected is the function getUserPrincipal of the file /api/v1. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2024-28255. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Post correlati

CVE-2024-7752 | SourceCodester Clinics Patient Management System 1.0 /update_medicine.php medicine_name cross site scripting

CVE-2023-7153 | Macroturk Macro-Bel up to 1.0.0 cross site scripting

CVE-2024-0293 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi setUploadSetting FileName os command injection

CVE-2024-51506 | Tiki up to 27.0 Create a Wiki Pages description cross site scripting