CNNVD-202602-1820 Information
CNNVD ID
CNNVD-202602-1820
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
OpenMetadata是OpenMetadata开源的一个统一的发现、可观察和治理平台,由中央元数据存储库、深入的沿袭和无缝团队协作提供支持。 OpenMetadata 1.11.8之前版本存在安全漏洞,该漏洞源于UI对/api/v1/ingestionPipelines的调用泄露了某些服务使用的JWT,可能导致只读用户获得高权限账户访问权限。
Description (English)
OpenMetadata is a unified discovery, observation and governance platform for OpenMetadata open sources, supported by a central metadata repository, in-depth succession and seamless teamwork. There was a security loophole in the pre-OpenMetada 1.11.8 version, which originated from the call by UI to /api/v1/ingesidePipelines that leaked JWT for certain services, which could lead to read-only users gaining access to high-permissible accounts.
Vulnerability Type
其他
Affected Vendor
OpenMetadata
Published
2026-02-11
Last Modified
2026-02-24
References
https://github.com/open-metadata/OpenMetadata/releases/tag/1.11.8-release https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-pqqf-7hxm-rj5r
Patch
https://github.com/open-metadata/OpenMetadata/releases
Share on: