📦 OpenMetadata
by Open Metadata
⚠️ Known Vulnerabilities
CVE-2024-28255 is an authentication bypass vulnerability in OpenMetadata's JWT filter that allows attackers to access protected endpoints without valid credentials by manipulating path parameters. Thi...
This vulnerability in OpenMetadata allows remote attackers to execute arbitrary code by exploiting a Spring Expression Language (SpEL) injection flaw. Attackers can send crafted PUT requests to the po...
OpenMetadata versions before 1.11.8 leak JSON Web Tokens (JWTs) used by the ingestion-bot service through API calls from the UI. This allows any read-only user to gain highly privileged Ingestion Bot ...
OpenMetadata versions before 1.11.4 contain a Server-Side Template Injection vulnerability in FreeMarker email templates that allows remote code execution. Attackers with administrative privileges can...
OpenMetadata versions up to 1.4.4 contain a SQL injection vulnerability in the TestDefinitionDAO interface. Attackers can exploit the testPlatform parameter in the listCount function to execute arbitr...
OpenMetadata versions up to 1.4.1 contain a SQL injection vulnerability in the WorkflowDAO interface's listCount function. Attackers can exploit the workflowtype and status parameters to execute arbit...
This vulnerability allows authenticated non-admin users in OpenMetadata to execute arbitrary system commands via SpEL expression injection. Attackers can achieve remote code execution by exploiting th...
OpenMetadata versions up to 1.4.4 contain a SQL injection vulnerability in the TestDefinitionDAO interface. Attackers can exploit the supportedDataTypeParam parameter in the listCount function to extr...
OpenMetadata versions up to 1.4.4 contain a SQL injection vulnerability in the DocStoreDAO interface's listCount function. Attackers can exploit this by manipulating the entityType parameter to execut...