CVE-2023-25562

Name of the Vulnerable Software and Affected Versions DataHub versions prior to 0.8.45

Description The issue concerns authentication checks using the AuthUtils.hasValidSessionCookie() method, which could be bypassed by using a cookie from a logged out session. This is because session cookies are only cleared on new sign-in events and not on logout events. As a result, any logged out session cookie may be accepted as valid, leading to an authentication bypass to the system.

Recommendations For versions prior to 0.8.45, upgrade to version 0.8.45 or later to resolve the issue. As a temporary workaround, consider disabling the use of session cookies or restricting access to sensitive areas of the system until the upgrade can be applied.