Server-Side Request Forgery in DataHub
CVE-2023-25557

7.5 HIGH

Key Information:

CVE Published: 11 February 2023

What is CVE-2023-25557?

An improper URL construction issue was found in the DataHub frontend, which acts as a proxy that forwards REST and GraphQL requests to the backend. The flaw lets external users manipulate requests originating from the frontend and redirect them to an arbitrary host. An attacker could use this to make the frontend send requests to unintended servers and retrieve sensitive information. The issue was identified and disclosed by the GitHub Security Lab, and prompt remediation is needed to guard against unauthorized access.
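As an added illustration (not DataHub's own code, which is not reproduced here), the hypothetical Python proxy helper below shows the URL-construction pitfall the advisory describes, a caller-supplied path joined onto the backend origin, beside a hardened variant that pins the backend host and route prefix before forwarding; the backend origin and allowed prefixes are constructed values.

```python
from urllib.parse import urljoin, urlsplit

# Constructed values for this illustration; not DataHub's configuration.
BACKEND_BASE = "http://datahub-gms.internal:8080/"
ALLOWED_PREFIXES = ("/api/", "/graphql")  # hypothetical proxied route prefixes


def naive_target(user_path: str) -> str:
    """Vulnerable pattern: join the caller-supplied path onto the backend base.

    urljoin treats a reference starting with '//' as scheme-relative and an
    'http://...' reference as absolute, so either one replaces the backend
    host instead of being appended as a path. The proxy then talks to
    whatever host the caller named.
    """
    return urljoin(BACKEND_BASE, user_path)


def hardened_target(user_path: str) -> str:
    """Hardened pattern: construct, then verify before forwarding.

    Rejects input that carries its own scheme or authority, and after joining
    checks that scheme and host still match the configured backend and that
    the normalised path stays under an allowed route prefix.
    """
    expected = urlsplit(BACKEND_BASE)
    # Backslashes are rejected because some clients and servers treat them
    # as path separators, which would defeat the checks below.
    if "://" in user_path or user_path.startswith("//") or "\\" in user_path:
        raise ValueError("absolute or scheme-relative reference rejected")
    # Strip leading slashes so the input is always resolved as a relative path.
    target = urljoin(BACKEND_BASE, user_path.lstrip("/"))
    parts = urlsplit(target)
    if (parts.scheme, parts.netloc) != (expected.scheme, expected.netloc):
        raise ValueError(f"host changed to {parts.netloc!r}")
    if not parts.path.startswith(ALLOWED_PREFIXES):
        raise ValueError(f"path {parts.path!r} is outside the proxied routes")
    return target


def is_rejected(user_path: str) -> bool:
    """True when the hardened builder refuses to forward the given path."""
    try:
        hardened_target(user_path)
    except ValueError:
        return True
    return False
```

Note that dot segments are normalised by urljoin before the prefix check runs, so a path that climbs out of an allowed route is caught by the path check while the host check catches any attempt to change the destination.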

Affected Version(s)

datahub < 0.8.45

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published (11 February 2023)

  • Vulnerability Reserved
