CVE-2022-39366 — CRITICAL (9.9)

Q: How severe is CVE-2022-39366?

CVE-2022-39366 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-39366?

Check the references section above for vendor advisories and patch information. Affected products include: Datahub Datahub.

Vulnerability Description

DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Datahub	Datahub	< 0.8.45

Related Weaknesses (CWE)

CWE-287 CWE-347 CWE-303

References

https://codeql.github.com/codeql-query-help/java/java-missing-jwt-signature-checThird Party Advisory
https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f78ExploitThird Party Advisory
https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f78ExploitThird Party Advisory
https://github.com/datahub-project/datahub/releases/tag/v0.8.45Third Party Advisory
https://github.com/datahub-project/datahub/security/advisories/GHSA-r8gm-v65f-c9Third Party Advisory
https://codeql.github.com/codeql-query-help/java/java-missing-jwt-signature-checThird Party Advisory
https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f78ExploitThird Party Advisory
https://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f78ExploitThird Party Advisory
https://github.com/datahub-project/datahub/releases/tag/v0.8.45Third Party Advisory
https://github.com/datahub-project/datahub/security/advisories/GHSA-r8gm-v65f-c9Third Party Advisory

FAQ

What is CVE-2022-39366?

CVE-2022-39366 is a vulnerability with a CVSS score of 9.9 (CRITICAL). DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an atta...

How severe is CVE-2022-39366?

CVE-2022-39366 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-39366?

Check the references section above for vendor advisories and patch information. Affected products include: Datahub Datahub.