CVE-2024-28255 is a critical authentication bypass vulnerability affecting OpenMetadata versions up to 1.2.3. This flaw allows attackers to circumvent JWT authentication by manipulating request paths, potentially leading to unauthorized access and data compromise. The vulnerability resides in the JwtFilter component, which handles API authentication. A fix is available in version 1.2.4.
The impact of CVE-2024-28255 is severe. An attacker can exploit this vulnerability to bypass authentication and gain unauthorized access to the OpenMetadata platform. This could allow them to view sensitive metadata, modify configurations, or even execute arbitrary code depending on the platform's permissions model. The ability to manipulate request paths to bypass JWT validation significantly broadens the attack surface. Successful exploitation could result in data breaches, system compromise, and disruption of data governance processes. This vulnerability shares similarities with other path traversal bypass techniques, highlighting the importance of robust input validation.
CVE-2024-28255 was publicly disclosed on March 15, 2024. While no active exploitation campaigns have been publicly reported as of this writing, the vulnerability's critical severity and ease of exploitation make it a high-priority target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Organizations using OpenMetadata for data discovery, observability, and governance, particularly those running versions 1.2.3 or earlier, are at significant risk. Shared hosting environments where OpenMetadata instances are deployed alongside other applications are also vulnerable, as a compromise of one instance could potentially lead to broader system access.
• linux / server: Monitor OpenMetadata access logs for unusual request patterns, specifically those containing path manipulation attempts (e.g., ;v1%2fusers%2flo). Use journalctl -f to observe real-time log activity.
  grep -iE ';v1%2fusers%2flo' /var/log/openmetadata/access.log
• generic web: Use curl to test endpoint access with manipulated paths. Check the response status: a request without a valid token should be rejected as unauthorized rather than served.
  curl -v 'http://openmetadata.example.com/api/v1;v1%2fusers%2flo'
• java: If you have access to the OpenMetadata JVM, monitor for unusual JWT validation errors or authentication failures in the application logs.
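One way to turn the log check above into repeatable detection logic, as an added example that is not part of the original page or of OpenMetadata itself (the combined-style log format, the sample lines and the field names are assumptions):

```python
"""Scan OpenMetadata access logs for the path-manipulation pattern described
on this page. Added example, not OpenMetadata's own code; the log format and
the sample lines below are constructed."""
import re
from urllib.parse import unquote

# Constructed sample lines in a combined-log style. The second line carries
# the manipulated path quoted on this page; the others are ordinary requests.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Mar/2024:10:01:02 +0000] "GET /api/v1/tables HTTP/1.1" 401 0
10.0.0.5 - - [15/Mar/2024:10:01:09 +0000] "GET /api/v1;v1%2fusers%2flo HTTP/1.1" 200 5120
10.0.0.7 - - [15/Mar/2024:10:02:30 +0000] "POST /api/v1/users/login HTTP/1.1" 200 312
"""

# Pulls method, request target and status code out of the quoted request part.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_manipulated(target: str) -> bool:
    """True when the path (query string ignored) carries a matrix parameter
    (';') or a percent-encoded slash, the two ingredients of the indicator."""
    path = target.split("?", 1)[0]
    return ";" in path or "%2f" in path.lower()


def normalize(target: str) -> str:
    """Decode percent-encoding and drop ';...' matrix parameters from each
    segment, one way an application might canonicalize a path before matching
    it; comparing this with the raw target shows how far the two diverge."""
    path = unquote(target.split("?", 1)[0])
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def scan(log_text: str) -> list[dict]:
    """Return one record per suspicious request, keeping the status code so
    that 2xx responses (a bypass that appears to have worked) stand out."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and is_manipulated(m.group("target")):
            hits.append({"method": m.group("method"),
                         "raw": m.group("target"),
                         "normalized": normalize(m.group("target")),
                         "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On an instance still running 1.2.3 or earlier, any hit with a 2xx status deserves immediate investigation, since the filter should have rejected the request.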
Exploitation status
EPSS: 93.92% (100th percentile)
The primary mitigation for CVE-2024-28255 is to upgrade OpenMetadata to version 1.2.4 or later, which includes the fix for this authentication bypass. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting access to sensitive endpoints through network firewalls or implementing stricter input validation on the server-side. Review and harden the OpenMetadata configuration to minimize the potential impact of a successful attack. After upgrading, confirm the fix by attempting to access protected endpoints with manipulated paths; authentication should be enforced.
Update OpenMetadata to version 1.2.4 or later. This version fixes the authentication bypass vulnerability. There is no known workaround, so updating is the only recommended solution.
CVE-2024-28255 is a critical vulnerability in OpenMetadata versions up to 1.2.3 that allows attackers to bypass JWT authentication by manipulating request paths, potentially gaining unauthorized access.
Yes, if you are running OpenMetadata version 1.2.3 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade OpenMetadata to version 1.2.4 or later to remediate the vulnerability. As a temporary workaround, restrict access to sensitive endpoints or implement stricter input validation.
While no active exploitation campaigns have been publicly reported, the vulnerability's critical severity and ease of exploitation make it a high-priority target.
Refer to the OpenMetadata security advisory for detailed information and updates: [https://github.com/open-metadata/open-metadata/security/advisories/GHSA-9999-9999-9999](https://github.com/open-metadata/open-metadata/security/advisories/GHSA-9999-9999-9999)