Safety vulnerability ID: 63338
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In DataHub versions prior to 0.8.45, session cookies are cleared only on new sign-ins, not on logout. An attacker can therefore bypass authentication checks that rely on the AuthUtils.hasValidSessionCookie() method by presenting a cookie from a logged-out session. Consequently, any logged-out session cookie may be accepted as valid, leading to an authentication bypass. Users are advised to upgrade to version 0.8.45, which fixes this vulnerability. Currently, there are no known workarounds. This vulnerability was identified and reported by the GitHub Security Lab and is tracked as GHSL-2022-083.
https://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj
https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78
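The failure mode described above can be turned into a regression check: a cookie captured before logout must be rejected afterwards. The following is an added example, not DataHub's code or its fix. It is a simplified model that assumes an HMAC-signed `actor|session-id|signature` cookie and a server-side set of active sessions, and every function name in it is hypothetical.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo only

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(actor: str, active: set) -> str:
    # Sign-in: mint a session id, record it server-side, return the cookie value.
    sid = secrets.token_hex(16)
    active.add(sid)
    payload = f"{actor}|{sid}"
    return f"{payload}|{_sign(payload)}"

def _parse(cookie: str):
    # Return (actor, sid) when the signature verifies, otherwise None.
    payload, _, sig = cookie.rpartition("|")
    if not payload or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    actor, _, sid = payload.partition("|")
    return actor, sid

def has_valid_cookie_weak(cookie: str) -> bool:
    # Flawed pattern: any well-formed, correctly signed cookie is accepted.
    # Logout state is never consulted, so an old cookie keeps working.
    return _parse(cookie) is not None

def has_valid_cookie_strict(cookie: str, active: set) -> bool:
    # Hardened pattern: the session id must also still be active server-side.
    parsed = _parse(cookie)
    return parsed is not None and parsed[1] in active

def logout(cookie: str, active: set) -> None:
    # Invalidate on the server; clearing the browser's copy alone is not enough.
    parsed = _parse(cookie)
    if parsed is not None:
        active.discard(parsed[1])

def post_logout_check():
    # Returns (strict before logout, weak after logout, strict after logout).
    active = set()
    cookie = issue_cookie("urn:li:corpuser:alice", active)  # constructed actor
    before = has_valid_cookie_strict(cookie, active)
    logout(cookie, active)
    return before, has_valid_cookie_weak(cookie), has_valid_cookie_strict(cookie, active)

if __name__ == "__main__":
    print(post_logout_check())
```

A check of this shape belongs in the integration tests of any service that issues session cookies: replay a pre-logout cookie and assert that the request is refused.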
Latest version: 0.14.1.12
A CLI to work with DataHub metadata