PT-2023-30523 · Datahub · Datahub

Author: Amit-Laish · Published: 2023-11-13 · Updated: 2023-11-20

CVE-2023-47629
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DataHub versions prior to 0.12.1

Description: The issue concerns an open-source metadata platform where sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link, they can potentially create an admin account under certain preconditions. Specifically, if the default "datahub" user has been removed but the default policies applying to that user remain, a user can sign up for an account that leverages these policies to gain admin privileges. There are no known workarounds for this issue.

Recommendations: Update to version 0.12.1 to address the issue.
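One defensive check implied by the precondition above, as an added example (not code from the advisory or from the DataHub project): audit exported policies for user actors that no longer exist, so that a policy still bound to a deleted default user can be removed or rebound before an invite-link sign-up could claim it. The policy and user shapes are an assumption loosely modelled on DataHub's policy type (urn, state, actors.users); the sample users and policies are constructed.

```python
"""Audit exported policies for user actors that no longer exist.

Added example, not from the advisory or the DataHub project. The precondition
for CVE-2023-47629 is a deleted default user whose default policies still name
it as an actor; this flags such orphaned bindings. Policy/user shapes are an
assumption modelled on DataHub's Policy type; all sample data is constructed.
"""
from dataclasses import dataclass, field

# Constructed sample: user URNs that currently exist in the deployment.
EXISTING_USERS = {"urn:li:corpuser:alice", "urn:li:corpuser:bob"}

# Constructed sample policies; policy 0 still names the removed default user.
SAMPLE_POLICIES = [
    {"urn": "urn:li:dataHubPolicy:0", "state": "ACTIVE",
     "actors": {"users": ["urn:li:corpuser:datahub"], "groups": [], "allUsers": False}},
    {"urn": "urn:li:dataHubPolicy:7", "state": "ACTIVE",
     "actors": {"users": ["urn:li:corpuser:alice"], "groups": [], "allUsers": False}},
    {"urn": "urn:li:dataHubPolicy:8", "state": "INACTIVE",
     "actors": {"users": ["urn:li:corpuser:datahub"], "groups": [], "allUsers": False}},
    {"urn": "urn:li:dataHubPolicy:9", "state": "ACTIVE",
     "actors": {"users": [], "groups": [], "allUsers": True}},
]

@dataclass
class Finding:
    policy_urn: str
    orphaned_users: list = field(default_factory=list)

def find_orphaned_actor_policies(policies, existing_users, active_only=True):
    """Return a Finding for each policy whose user actors include a URN not in existing_users.

    Inactive policies grant nothing today, so they are skipped unless active_only=False
    (worth auditing too, since an inactive policy can be re-enabled later).
    """
    findings = []
    for policy in policies:
        if active_only and policy.get("state") != "ACTIVE":
            continue
        users = policy.get("actors", {}).get("users") or []
        missing = sorted(u for u in users if u not in existing_users)
        if missing:
            findings.append(Finding(policy["urn"], missing))
    return findings

if __name__ == "__main__":
    for f in find_orphaned_actor_policies(SAMPLE_POLICIES, EXISTING_USERS):
        print(f"{f.policy_urn}: orphaned actor(s) {', '.join(f.orphaned_users)}")
```

Against a real deployment, replace the constructed sets with an export of the current users and policies; any finding is a policy to delete or rebind to a named, existing principal.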

Weakness Enumeration: Improper Privilege Management

Related Identifiers

CVE-2023-47629
GHSA-VJ59-23WW-P6C8

Affected Products

Datahub