Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Default Privileges allow for high level operations for low privileged users in datahub
Vulnerability Description
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
DataHub 安全漏洞
Vulnerability Description
DataHub是datahub-project开源的一个现代数据栈的元数据平台。 DataHub 0.12.0之前版本存在安全漏洞,该漏洞源于允许低权限用户删除用户、编辑组成员或编辑其他用户的配置文件信息。
CVSS Information
N/A
Vulnerability Type
N/A