Strix
26.1K

CVE-2023-25559

HIGHCVSS 8.1/10EPSS 0.52%

Last modified

CVE-2023-25559 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079.

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.52%

40.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DatahubDatahub< 0.8.45

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-25559?
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (eg: X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079.
How severe is CVE-2023-25559?
CVE-2023-25559 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2023-25559?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-25559?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST