PT-2020-21005 · Amundsen · Amundsenfrontendlibrary

Published 2020-12-02 · Updated 2020-12-02

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: amundsenfrontendlibrary, versions prior to the version that includes the fix for this issue.
Description: The issue affects installations where UNEDITABLE_SCHEMAS and/or UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES are set in the front-end. These properties are ignored, allowing any user to modify table and column descriptions. The problem arises because the restrictions are enforced only in the front-end (the UI), not in the back-end, so a PUT request to the /api/metadata/v0/put_table_description API endpoint carrying modified description data bypasses them. The estimated number of potentially affected devices is not provided.
Recommendations: For amundsenfrontendlibrary versions prior to the version that includes the fix for this issue, apply the attached PR, which enforces the restriction on the back-end, to resolve the issue. As a temporary workaround, consider implementing the restriction manually: load the table, run it through marshall_dashboard_partial to evaluate whether it is editable, and reject the request if it is not. Restrict access to the /api/metadata/v0/put_table_description API endpoint to minimize the risk of exploitation. Avoid relying on the UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES properties until the issue is resolved.
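An added illustration (not the project's own code) of the back-end check the recommendations describe: a minimal Python stand-in for the description PUT handler, first as the vulnerable 'before' that trusts the UI, then with the editability policy re-evaluated server-side. The config values, the MatchRule shape, the table-URI form, the metadata-store stand-in and the handler names are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed, simplified stand-in for the two front-end settings this advisory
# names; the real project's rule objects may differ in shape.
@dataclass(frozen=True)
class MatchRule:
    schema_regex: str
    table_name_regex: str

UNEDITABLE_SCHEMAS = {"pii", "finance_raw"}  # constructed sample config
UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES = [
    MatchRule(schema_regex=r"^dwh$", table_name_regex=r"^fact_.*$"),
]

STORE = {}  # constructed stand-in for the metadata service

def forward_to_metadata_service(key, description):
    STORE[key] = description

def parse_table_uri(table_uri):
    """Split an assumed 'database://cluster.schema/table' URI into its parts."""
    m = re.fullmatch(r"([^:]+)://([^.]+)\.([^/]+)/(.+)", table_uri)
    if not m:
        raise ValueError(f"malformed table uri: {table_uri}")
    return m.groups()  # (database, cluster, schema, table)

def is_editable(table_uri):
    """The same policy the UI applied client-side, now evaluated on the server."""
    _, _, schema, table = parse_table_uri(table_uri)
    if schema in UNEDITABLE_SCHEMAS:
        return False
    return not any(re.match(r.schema_regex, schema) and re.match(r.table_name_regex, table)
                   for r in UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES)

def put_table_description_vulnerable(body):
    """'Before': trusts the UI and forwards every PUT, so hidden UI controls are moot."""
    forward_to_metadata_service(body["key"], body["description"])
    return 200, {"msg": "Success"}

def put_table_description_fixed(body):
    """'After': rejects the request unless the back-end policy says the table is editable."""
    try:
        if not is_editable(body["key"]):
            return 403, {"msg": "description for this table is not editable"}
    except ValueError as exc:
        return 400, {"msg": str(exc)}
    forward_to_metadata_service(body["key"], body["description"])
    return 200, {"msg": "Success"}
```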

Weakness Enumeration

Related Identifiers

GHSA-47QG-Q58V-7VRP

Affected Products

Amundsenfrontendlibrary