Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
OpenMetadata Authentication Bypass (CVE-2024-28255) - Vulnerability Database

OpenMetadata Authentication Bypass (CVE-2024-28255)

Description

OpenMetadata suffers from an authentication bypass due to a JWT filter vulnerability. Attackers can manipulate path parameters to skip JWT validation, leading to unauthorized access to arbitrary endpoints, including those vulnerable to SpEL expression injection.

Remediation

Upgrade to OpenMetadata version 1.2.4 or later.

References

Authentication Bypass (`GHSL-2023-237`)
NVD CVE-2024-28255 Detail

Related Vulnerabilities

Wing FTP Server RCE (CVE-2025-47812) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Ivanti vTM Auth bypass (CVE-2024-7593) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz Authentication Bypass (CVE-2023-51467) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) Critical
Common tags: Authentication Bypass Known Vulnerabilities

Severity

Critical

Classification

CVE-2024-28255
CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Authentication Bypass
Known Vulnerabilities