{"uuid": "d4b5d3d3-cdd2-4cca-8821-71a004b77f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-28253", "type": "seen", "source": "https://t.me/arpsyndicate/4831", "content": "#ExploitObserverAlert\n\nCVE-2024-28253\n\nDESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2024-28253. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nFIRST-EPSS: 0.000440000\nARPS-PRIORITY: 0.7718071", "creation_timestamp": "2024-04-24T22:12:28.000000Z"}