Open-metadata

Openmetadata

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2026-26010

Exploit
  • EPSS 0.01%
  • Veröffentlicht 11.02.2026 21:16:21
  • Zuletzt bearbeitet 13.02.2026 21:34:48

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly ...

7.2

CVE-2026-22244

Exploit
  • EPSS 0.46%
  • Veröffentlicht 08.01.2026 15:12:51
  • Zuletzt bearbeitet 15.01.2026 21:14:29

OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vuln...

6.5

CVE-2025-50468

Exploit
  • EPSS 0.04%
  • Veröffentlicht 08.08.2025 00:00:00
  • Zuletzt bearbeitet 11.08.2025 14:49:32

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

8.8

CVE-2025-50465

  • EPSS 0.03%
  • Veröffentlicht 08.08.2025 00:00:00
  • Zuletzt bearbeitet 11.08.2025 14:48:13

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

6.5

CVE-2025-50466

Exploit
  • EPSS 0.04%
  • Veröffentlicht 08.08.2025 00:00:00
  • Zuletzt bearbeitet 11.08.2025 14:48:56

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

6.5

CVE-2025-50467

  • EPSS 0.03%
  • Veröffentlicht 08.08.2025 00:00:00
  • Zuletzt bearbeitet 11.08.2025 14:49:15

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

8.8

CVE-2024-55238

Exploit
  • EPSS 0.22%
  • Veröffentlicht 17.04.2025 16:15:27
  • Zuletzt bearbeitet 24.04.2025 12:47:25

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

8.8

CVE-2024-28254

  • EPSS 60.28%
  • Veröffentlicht 15.03.2024 20:15:10
  • Zuletzt bearbeitet 04.09.2025 13:50:16

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎AlertUtil::validateExpression` method evaluates an SpEL expression usin...

9.8

CVE-2024-28255

Exploit
  • EPSS 93.98%
  • Veröffentlicht 15.03.2024 20:15:10
  • Zuletzt bearbeitet 04.09.2025 13:48:26

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT...

8.8

CVE-2024-28847

Exploit
  • EPSS 19.29%
  • Veröffentlicht 15.03.2024 20:15:10
  • Zuletzt bearbeitet 04.09.2025 13:06:21

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also...