CVE-2023-25560

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25560
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25560.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25560
Aliases
  • GHSA-6rpf-5cfg-h8f3
Published
2023-02-10T22:03:03Z
Modified
2025-10-15T02:27:41.925544Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
JSON Injection in DataHub
Details

DataHub is an open-source metadata platform. The AuthServiceClient, which is responsible for creating new accounts, verifying credentials, resetting them and requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. An attacker may therefore be able to alter the JSON strings sent to the backend, which can be abused by injecting new keys or keys that collide with existing ones. This may lead to an authentication bypass and the creation of system accounts, which can effectively lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security Lab and is tracked as GHSL-2022-080.
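The following is an added example that models the pattern described above; it is not DataHub's code (DataHub is written in Java) and the field names, template and attacker string are constructed for illustration. It shows a request body built with a format string beside the same body built with a serializer, and why a duplicated key matters: parsers such as Python's json module keep the last value of a repeated key, so an attacker who can splice a second "userUrn" after the legitimate one decides which account the backend acts on. A backend-side check that rejects objects with duplicated keys is included as a defence-in-depth measure; it is an assumption of this example, not something the advisory prescribes.

```python
"""Model of the JSON-injection pattern in CVE-2023-25560 (constructed example,
not DataHub code): a client builds the JSON body of an account-creation
request with a format string instead of a serializer."""
import json

# Hypothetical request template. Field names are assumptions for illustration,
# not DataHub's actual wire format.
SIGNUP_TEMPLATE = (
    '{"userUrn": "%s", "fullName": "%s", "email": "%s", "password": "%s"}'
)


def build_signup_vulnerable(user_urn, full_name, email, password):
    """Vulnerable: user-controlled strings are spliced straight into JSON text,
    so a double quote in any value ends the string and lets the caller write
    arbitrary keys into the object."""
    return SIGNUP_TEMPLATE % (user_urn, full_name, email, password)


def build_signup_safe(user_urn, full_name, email, password):
    """Hardened: the serializer quotes and escapes every value, so the input
    can only ever be a string value, never structure."""
    body = {
        "userUrn": user_urn,
        "fullName": full_name,
        "email": email,
        "password": password,
    }
    return json.dumps(body)


def backend_parse(body):
    """Stand-in for the backend's parser. Python's json keeps the LAST value of
    a duplicated key; that last-wins behaviour is what makes the collision
    below succeed."""
    return json.loads(body)


def body_has_duplicate_keys(body):
    """Backend-side check (assumed defence, not from the advisory): parse with
    object_pairs_hook so repeated keys are detected instead of silently
    collapsed. Returns True if any object in the body repeats a key."""
    found = {"dup": False}

    def check(pairs):
        keys = [k for k, _ in pairs]
        if len(keys) != len(set(keys)):
            found["dup"] = True
        return dict(pairs)

    json.loads(body, object_pairs_hook=check)
    return found["dup"]


# Constructed attacker input for the fullName field. It closes the current
# string, adds a NEW key (role) and a COLLIDING key (userUrn) that lands after
# the legitimate userUrn in the template, then reopens a string so the rest of
# the template still parses as valid JSON.
MALICIOUS_FULL_NAME = (
    'Mallory", "role": "ADMIN", "userUrn": "urn:li:corpuser:datahub", "junk": "'
)

SAMPLE_ARGS = (
    "urn:li:corpuser:mallory",
    MALICIOUS_FULL_NAME,
    "m@example.com",
    "hunter2",
)


def demo():
    """Return the parsed view of the vulnerable and the hardened body."""
    vuln_parsed = backend_parse(build_signup_vulnerable(*SAMPLE_ARGS))
    safe_parsed = backend_parse(build_signup_safe(*SAMPLE_ARGS))
    return vuln_parsed, safe_parsed


if __name__ == "__main__":
    vulnerable, safe = demo()
    print("vulnerable ->", vulnerable)
    print("safe       ->", safe)
    print("duplicate keys in vulnerable body:",
          body_has_duplicate_keys(build_signup_vulnerable(*SAMPLE_ARGS)))
```

In the vulnerable case the backend sees userUrn "urn:li:corpuser:datahub" and a role of "ADMIN", neither of which the caller was entitled to set; in the hardened case the same input is just a long fullName. The serializer is the real fix, as in the upstream change; rejecting duplicate keys on the receiving side only catches the collision variant, not the injection of new keys.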

References

Affected packages

Git / github.com/datahub-project/datahub

Affected ranges

Type
GIT
Repo
https://github.com/datahub-project/datahub
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

RC-v0.*

RC-v0.8.28

v0.*

v0.1.0-alpha
v0.1.1-alpha
v0.2.0-alpha
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.0-BETA
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.8.0-pre
v0.8.1
v0.8.10
v0.8.11
v0.8.12
v0.8.13
v0.8.14
v0.8.15
v0.8.16
v0.8.17
v0.8.18
v0.8.19
v0.8.2
v0.8.20
v0.8.21
v0.8.22
v0.8.23
v0.8.24
v0.8.25
v0.8.26
v0.8.27
v0.8.28
v0.8.28rc1
v0.8.29
v0.8.3
v0.8.30
v0.8.31
v0.8.32
v0.8.33
v0.8.34
v0.8.35
v0.8.36
v0.8.37
v0.8.38
v0.8.39
v0.8.4
v0.8.40
v0.8.41
v0.8.42
v0.8.43
v0.8.44
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-25560-16f79a12",
            "signature_type": "Line",
            "target": {
                "file": "metadata-service/servlet/src/main/java/com/datahub/gms/servlet/Config.java"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "31554251648533416152623010086936924547",
                    "155760737878228610195097988911985706046",
                    "284220006101245241007895365429582833180",
                    "221398545169308186189998836629710439288"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/datahub-project/datahub/commit/af6a423f9d39c1efe308c9722c338fa82e36a55f"
        }
    ]
}