Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Vulnerability Description
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes in OpenMetadata instances, and potential data leakage (e.g. sample data, or service metadata which would be unavailable per roles/policies). This vulnerability is fixed in 1.11.8.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
OpenMetadata 安全漏洞
Vulnerability Description
OpenMetadata是OpenMetadata开源的一个统一的发现、可观察和治理平台,由中央元数据存储库、深入的沿袭和无缝团队协作提供支持。 OpenMetadata 1.11.8之前版本存在安全漏洞,该漏洞源于UI对/api/v1/ingestionPipelines的调用泄露了某些服务使用的JWT,可能导致只读用户获得高权限账户访问权限。
CVSS Information
N/A
Vulnerability Type
N/A