CVE-2023-25558

Name of the Vulnerable Software and Affected Versions DataHub (affected versions not specified)

Description The DataHub frontend, when configured to authenticate via SSO, processes the id token in an unsafe manner. This issue arises because the pac4j library deserializes values starting with the {#sb64} prefix as serialized Java objects. Although a RestrictedObjectInputStream is in place, it still allows deserialization of a broad range of Java packages, potentially leading to Remote Code Execution (RCE) with different gadget chains.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.