Lucene search
GoogleOSV:CVE-2023-25561HistoryFeb 11, 2023 - 1:23 a.m.
CVE-2023-25561
2023-02-1101:23:26
Google
osv.dev
11
datahub
open-source
metadata
platform
vulnerability
java authentication
authorization service
authentication
error
attacker
login
github security lab
ghsl-2022-081
upgrade
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the authenticateJaasUser method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.
Related
nvd
nvd
CVE-2023-25561
2023-02-11 01:23:26
cve
cve
CVE-2023-25561
2023-02-11 01:23:26
prion
prion
Authentication flaw
2023-02-11 01:23:00
cvelist
cvelist
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
2023-02-10 22:03:02
github
github
GitHub Security Lab audited DataHub: Here’s what they found
2023-03-03 19:53:01