CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Inserito da Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability, which was classified as very critical, was found in open-metadata OpenMetadata up to 1.2.3. Affected is the function getUserPrincipal of the file /api/v1. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2024-28255. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Post correlati

CVE-2024-7310 | SourceCodester Record Management System 1.0 sort_user.php sort cross site scripting

CVE-2024-39340 | Securepoint UTM up to 12.6.4 OTP Code Privilege Escalation

CVE-2023-5712 | System Dashboard Plugin up to 2.8.7 on WordPress sd_global_value authorization

CVE-2024-10523 | TP-Link Tapo H100 IoT Smart Hub prior 1.5.22 cleartext storage (CIVN-2024-0331)