PT-2024-2893 · Unknown · Openmetadata

Pwntester · Published 2024-03-15 · Updated 2024-04-19 · CVE-2024-28255

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

OpenMetadata versions prior to 1.2.4

Description

The issue is related to the authentication mechanism in OpenMetadata, specifically with the JwtFilter that handles API authentication by verifying JWT tokens. An attacker can bypass the authentication mechanism by manipulating path parameters to make any path contain arbitrary strings, allowing access to arbitrary endpoints without JWT validation. This can lead to authentication bypass and potentially to arbitrary SpEL expression injection. The estimated number of potentially affected devices is not specified.

Recommendations

For versions prior to 1.2.4, upgrade to version 1.2.4 or later to address the authentication bypass issue. As a temporary workaround, consider restricting access to sensitive endpoints that may be vulnerable to SpEL expression injection until the upgrade is applied. Avoid using the GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111 endpoint or similar manipulated paths that can bypass JWT validation.
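To find requests of the kind described above in existing logs, the following added example (not part of the original advisory and not OpenMetadata code) flags request paths whose segments carry `;` path parameters, and rates them higher when the decoded parameter contains a slash. The access-log layout, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2024:10:01:02 +0000] "GET /api/v1;v1%2fusers%2flogin'
    '/events/subscriptions/validation/condition/111 HTTP/1.1" 200 512',
    '198.51.100.4 - - [15/Mar/2024:10:01:05 +0000] "GET /api/v1/tables?limit=10 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [15/Mar/2024:10:01:09 +0000] "POST /api/v1/users/login HTTP/1.1" 200 310',
    '198.51.100.4 - - [15/Mar/2024:10:01:11 +0000] "GET /api/v1/tables;page=2?limit=10 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def path_parameters(target):
    """Return the raw ';...' parameter string of every path segment that has one."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query string and fragment
    params = []
    for segment in path.split("/"):
        _name, sep, raw = segment.partition(";")
        if sep:
            params.append(raw)
    return params


def classify(line):
    """Return a finding for a log line whose path uses path parameters, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    raw_params = path_parameters(m["target"])
    if not raw_params:
        return None
    decoded = [unquote(p) for p in raw_params]
    # A path parameter that decodes to something containing a slash embeds a
    # second path inside the URL, the pattern shown in this advisory.
    severity = "high" if any("/" in d or "\\" in d for d in decoded) else "review"
    return {"method": m["method"], "target": m["target"], "status": int(m["status"]),
            "decoded_params": decoded, "severity": severity}


def scan(lines):
    """Return findings for all lines that use path parameters."""
    return [finding for finding in map(classify, lines) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"], finding["status"], finding["target"])
```

A "high" finding that was answered with a 2xx status on an instance older than 1.2.4 is worth following up; the same match can also be used as a reverse-proxy deny rule until the upgrade is applied.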

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-03058
CVE-2024-28255
GHSA-6WX7-QW5P-WH84

Affected Products

Openmetadata