CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability, which was classified as very critical, was found in open-metadata OpenMetadata up to 1.2.3. Affected is the function getUserPrincipal of the file /api/v1. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2024-28255. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28255 | open-metadata OpenMetadata up to 1.2.3 /api/v1 getUserPrincipal improper authentication

Related Posts

CVE-2024-42934 | openipmi IPMI Simulator improper authorization

CVE-2021-47091 | Linux Kernel up to 5.10.88/5.15.11 mac80211 lockdep_assert_held assertion (ac61b9c6c054/c1d1ec4db5f7/87a270625a89)

CVE-2023-50768 | Nexus Platform Plugin up to 3.18.0-03 on Jenkins cross-site request forgery

CVE-2024-7420 | Insert PHP Code Snippet Plugin up to 1.3.6 on WordPress cross-site request forgery