CVE-2023-47629

7.1 HIGH

📋 TL;DR

This vulnerability in DataHub allows anyone holding an email sign-up link to create an account with admin rights when the default 'datahub' user has been removed but the admin policies granted to that user remain in place. All DataHub instances prior to version 0.12.1 that have removed the default user are affected.

💻 Affected Systems

Products:
  • DataHub
Versions: All versions prior to 0.12.1
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the default 'datahub' user has been removed while its admin policies remain in place.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthenticated attacker gains full administrative control over the DataHub instance, enabling data manipulation, privilege escalation, and complete system compromise.

🟠

Likely Case

Authorized but non-privileged users exploit the vulnerability to elevate their privileges to admin level, gaining unauthorized access to sensitive metadata and system controls.

🟢

If Mitigated

If the default 'datahub' user exists or proper access controls are configured, the vulnerability cannot be exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid email sign-up link and specific configuration conditions (removed default user with retained policies).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.12.1

Vendor Advisory: https://github.com/datahub-project/datahub/security/advisories/GHSA-vj59-23ww-p6c8

Restart Required: Yes

Instructions:

1. Back up your DataHub instance.
2. Update to version 0.12.1 or later.
3. Restart the DataHub service.
4. Verify the fix by checking the version and testing sign-up functionality.

🧯 If You Can't Patch

  • Restore the default 'datahub' user account if it was removed
  • Disable email sign-up functionality entirely

🔍 How to Verify

Check if Vulnerable:

Check if DataHub version is below 0.12.1 AND the default 'datahub' user has been removed from the system.

Check Version:

Check the DataHub UI or configuration files for version information, or, if using Kubernetes, run: kubectl get pods -n datahub -o jsonpath='{.items[*].spec.containers[*].image}' to list the container image tags.

Verify Fix Applied:

Verify DataHub version is 0.12.1 or later and test that sign-up links cannot create admin accounts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin account creation events
  • Sign-up attempts from unexpected email addresses
  • Authentication logs showing privilege escalation

Network Indicators:

  • HTTP POST requests to sign-up endpoints with admin privilege parameters

SIEM Query:

source="datahub" AND ((event="user_created" AND user_role="admin") OR (event="signup" AND status="success"))
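As an added example (not code from the DataHub project or this advisory), the version check from "How to Verify" and the SIEM query above applied in Python to constructed JSON log events, plus a correlation that names accounts where a successful sign-up was followed by an admin-role user creation; the field names follow the query, while the `user` field, the JSON-lines format and the version-tag shapes are assumptions.

```python
import json
import re

FIXED_VERSION = (0, 12, 1)  # first release carrying the fix


def parse_version(tag: str):
    """Assumption: tags look like 'v0.12.0', '0.12.1' or '0.11.0-rc1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        raise ValueError(f"unrecognised version tag: {tag}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(tag: str) -> bool:
    """True for any DataHub release older than 0.12.1."""
    return parse_version(tag) < FIXED_VERSION


def flag_events(log_lines):
    """Events matching the SIEM query: datahub source AND (admin created OR successful signup)."""
    hits = []
    for line in log_lines:
        ev = json.loads(line)
        if ev.get("source") != "datahub":
            continue
        admin_created = ev.get("event") == "user_created" and ev.get("user_role") == "admin"
        signup_ok = ev.get("event") == "signup" and ev.get("status") == "success"
        if admin_created or signup_ok:
            hits.append(ev)
    return hits


def admin_via_signup(log_lines):
    """Users whose successful sign-up was followed by an admin-role account creation."""
    signed_up, escalated = set(), set()
    for ev in flag_events(log_lines):
        if ev["event"] == "signup":
            signed_up.add(ev.get("user"))
        elif ev.get("user") in signed_up:
            escalated.add(ev["user"])
    return escalated


# Constructed sample log lines (JSON lines; not real DataHub output)
SAMPLE_LOGS = [
    '{"source":"datahub","event":"signup","status":"success","user":"new@example.com"}',
    '{"source":"datahub","event":"user_created","user_role":"admin","user":"new@example.com"}',
    '{"source":"datahub","event":"user_created","user_role":"viewer","user":"bob@example.com"}',
    '{"source":"other","event":"user_created","user_role":"admin","user":"x@example.com"}',
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_version("v0.12.0"))
    print("admin accounts created via sign-up:", admin_via_signup(SAMPLE_LOGS))
```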
