PT-2023-20158 · Datahub · Datahub

Artsploit +6 · Published 2023-02-10 · Updated 2025-12-03 · CVE-2023-25560

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: DataHub (affected versions not specified)

Description: The issue concerns the AuthServiceClient in DataHub, which is responsible for managing accounts and authentication. It crafts JSON strings using format strings with user-controlled data, potentially allowing an attacker to manipulate these strings and send them to the backend. This could lead to an authentication bypass, creation of system accounts, and potentially full system compromise.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
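
The weakness class in the description, modelled as an added Python example (not DataHub's own Java code): a format-string JSON builder next to a serializer-based one, with an audit that compares what a backend parser would see against what the caller intended. The field names `user` and `extra` and the sample inputs are constructed for illustration; the advisory does not list the real request fields.

```python
import json

# Hypothetical field name; the advisory does not list the real request fields.
FIELD = "user"

# Constructed sample inputs: a plain value, one that closes the string early,
# and a legitimate value that merely contains a quote.
PLAIN = "alice"
CLOSES_STRING = 'alice", "extra": "injected'
HAS_QUOTE = 'O"Neil'


def build_unsafe(user):
    """The pattern the advisory describes: a format string fills a JSON template."""
    return '{ "%s": "%s" }' % (FIELD, user)


def build_safe(user):
    """A JSON serializer escapes quotes, backslashes and control characters."""
    return json.dumps({FIELD: user})


def audit(body, intended):
    """Return findings where the parsed body differs from the caller's intent."""
    try:
        # Keep key/value pairs as a list so duplicate keys stay visible.
        pairs = json.loads(body, object_pairs_hook=list)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    keys = [k for k, _ in pairs]
    findings = []
    for key in sorted(set(keys)):
        if key != FIELD:
            findings.append("unexpected field: " + key)
        elif keys.count(key) > 1:
            findings.append("duplicate field: " + key)
    values = [v for k, v in pairs if k == FIELD]
    if values and values[-1] != intended:
        findings.append(FIELD + " value changed in transit")
    return findings


if __name__ == "__main__":
    for sample in (PLAIN, CLOSES_STRING, HAS_QUOTE):
        print(repr(sample), audit(build_unsafe(sample), sample),
              audit(build_safe(sample), sample))
```

The same audit works as a regression test for any client that assembles request bodies: every input, including ones containing quotes, should come back with no findings.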

Related Identifiers

CVE-2023-25560
GHSA-6RPF-5CFG-H8F3

Affected Products

Datahub