Deserialization of untrusted data in DataHub
CVE-2023-25558

7.5 HIGH

Key Information:

CVE Published: 11 February 2023

What is CVE-2023-25558?

A vulnerability exists in the DataHub platform's frontend when it is configured for Single Sign-On (SSO) using the pac4j library. Processing of the id_token can lead to unsafe deserialization: if the value of an id_token claim starts with the {#sb64} prefix, it is treated as a serialized Java object, which opens the door to Remote Code Execution. The RestrictedObjectInputStream implementation places some limits on what may be deserialized, yet it still leaves certain Java packages exploitable through various gadget chains. No workarounds are available, so users should upgrade immediately.
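As an added defensive check (not code from DataHub or pac4j), the functions below decode an id_token's payload and report any claim whose string value begins with the {#sb64} marker described above, so such tokens can be logged or rejected at a proxy before they reach the SSO flow; the token-building helper, header and sample claims are constructed for the demonstration and the signature is not verified here.

```python
import base64
import json

# Marker the advisory describes: a claim value starting with it is treated as a
# serialized Java object by the affected pac4j-based SSO flow.
SERIALIZED_OBJECT_PREFIX = "{#sb64}"

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def find_serialized_claims(claims, path: str = "") -> list:
    """List claim paths whose string value carries the {#sb64} marker.
    Nested objects and arrays are walked so a marker inside a custom claim
    (e.g. a groups list) is still reported."""
    hits = []
    if isinstance(claims, dict):
        for key, value in claims.items():
            hits += find_serialized_claims(value, f"{path}.{key}" if path else key)
    elif isinstance(claims, list):
        for i, value in enumerate(claims):
            hits += find_serialized_claims(value, f"{path}[{i}]")
    elif isinstance(claims, str) and claims.startswith(SERIALIZED_OBJECT_PREFIX):
        hits.append(path)
    return hits

def id_token_is_suspicious(token: str) -> bool:
    """True if any claim carries the marker and the token should be rejected."""
    return bool(find_serialized_claims(jwt_claims(token)))

def build_test_token(claims: dict) -> str:
    """Constructed, unsigned token for the demonstration; header and signature are dummies."""
    header = _b64url_encode(b'{"alg":"RS256","typ":"JWT"}')
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.sig"

if __name__ == "__main__":
    token = build_test_token({"sub": "alice", "groups": ["admins", "{#sb64}AAAA"]})
    print(find_serialized_claims(jwt_claims(token)))  # ['groups[1]']
```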

Affected Version(s)

datahub < 0.9.5

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved