Open-metadata

Openmetadata

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.24%
  • Published 08.06.2026 16:51:06
  • Last modified 09.06.2026 15:25:56

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext d...

Exploit
  • EPSS 0.33%
  • Published 11.02.2026 21:16:21
  • Last modified 13.02.2026 21:34:48

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly ...

Exploit
  • EPSS 0.76%
  • Published 08.01.2026 15:12:51
  • Last modified 15.01.2026 21:14:29

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vuln...

Exploit
  • EPSS 0.28%
  • Published 08.08.2025 00:00:00
  • Last modified 11.08.2025 14:49:32

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

  • EPSS 0.3%
  • Published 08.08.2025 00:00:00
  • Last modified 11.08.2025 14:48:13

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

Exploit
  • EPSS 0.3%
  • Published 08.08.2025 00:00:00
  • Last modified 11.08.2025 14:48:56

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

  • EPSS 0.24%
  • Published 08.08.2025 00:00:00
  • Last modified 11.08.2025 14:49:15

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

Exploit
  • EPSS 0.5%
  • Published 17.04.2025 16:15:27
  • Last modified 24.04.2025 12:47:25

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

  • EPSS 45.73%
  • Published 15.03.2024 20:15:10
  • Last modified 04.09.2025 13:50:16

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `AlertUtil::validateExpression` method evaluates an SpEL expression usin...

Exploit
  • EPSS 73.26%
  • Published 15.03.2024 20:15:10
  • Last modified 04.09.2025 13:48:26

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT...