
CVE-2024-28848 – SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata
https://notcve.org/view.php?id=CVE-2024-28848
15 Mar 2024 — OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `CompiledRule::validateExpression` method evaluates a SpEL expression using a `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/

CVE-2024-28255 – Authentication Bypass in OpenMetadata
https://notcve.org/view.php?id=CVE-2024-28255
15 Mar 2024 — OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against the list of excluded endpoints. When the request's path contains any of the excluded endpoints, the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any pa... • https://packetstorm.news/files/id/180168 • CWE-287: Improper Authentication

CVE-2024-28847 – SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata
https://notcve.org/view.php?id=CVE-2024-28847
15 Mar 2024 — OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. As with the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an ... • https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-28254 – SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
https://notcve.org/view.php?id=CVE-2024-28254
15 Mar 2024 — OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `AlertUtil::validateExpression` method evaluates a SpEL expression using `getValue`, which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/

CVE-2024-28253 – SpEL Injection in `PUT /api/v1/policies` in OpenMetadata
https://notcve.org/view.php?id=CVE-2024-28253
15 Mar 2024 — OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` g... • https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection • CWE-94: Improper Control of Generation of Code ('Code Injection')