DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-10T22:03:02.527Z
Updated: 2024-08-02T11:25:19.204Z
Reserved: 2023-02-07T17:10:00.734Z
Link: CVE-2023-25561
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-11T01:23:26.690
Modified: 2024-11-21T07:49:44.010
Link: CVE-2023-25561
Redhat
No data.