Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.

OpenMetadata is an open-source platform that operates as a metadata management tool, offering a unified solution for data asset discovery, observability, and governance.

The flaws in question, all discovered and credited to security researcher Alvaro Muñoz, are listed below:

- CVE-2024-28847 (CVSS score: 8.8): A Spring Expression Language (SpEL) injection vulnerability in PUT /api/v1/events/subscriptions (fixed in version 1.2.4)
- CVE-2024-28848 (CVSS score: 8.8): A SpEL injection vulnerability in GET /api/v1/policies/validation/condition/<expr> (fixed in version 1.2.4)
- CVE-2024-28253 (CVSS score: 8.8): A SpEL injection vulnerability in PUT /api/v1/policies (fixed in version 1.3.1)
- CVE-2024-28254 (CVSS score: 8.8): A SpEL injection vulnerability in GET /api/v1/events/subscriptions/validation/condition/<expr> (fixed in version 1.2.4)
- CVE-2024-28255 (CVSS score: 9.8): An authentication bypass vulnerability (fixed in version 1.2.4)

Successful exploitation of the vulnerabilities could allow a threat actor to bypass authentication and achieve remote code execution.

The modus operandi uncovered by Microsoft entails the targeting of internet-exposed OpenMetadata…
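The list above gives a defender two concrete things to check: whether a deployment's version predates the fix for each CVE, and whether the vulnerable endpoints have been hit. The script below is an added example written for this article, not code from OpenMetadata or from Microsoft. It encodes only the CVE, endpoint and fixed-version data stated above; the access-log line format and the sample log lines are constructed for illustration and will need adapting to whatever ingress or gateway log format a real deployment produces. A request to one of these paths is not proof of exploitation, since legitimate clients use the same API, but the two endpoints that take an `<expr>` path segment carry caller-supplied input in the URL, so any unexpected hits on them deserve a closer look.

```python
import re
from typing import List, Optional, Tuple

# Advisory data exactly as listed in the article: CVE, HTTP method, endpoint
# (None for the authentication bypass, for which no endpoint is given) and
# the first version that contains the fix.
ADVISORIES = [
    ("CVE-2024-28847", "PUT", "/api/v1/events/subscriptions", (1, 2, 4)),
    ("CVE-2024-28848", "GET", "/api/v1/policies/validation/condition/", (1, 2, 4)),
    ("CVE-2024-28253", "PUT", "/api/v1/policies", (1, 3, 1)),
    ("CVE-2024-28254", "GET", "/api/v1/events/subscriptions/validation/condition/", (1, 2, 4)),
    ("CVE-2024-28255", None, None, (1, 2, 4)),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.2.3' or 'v1.3.1' into a comparable tuple of ints.

    Pre-release suffixes such as '-SNAPSHOT' are dropped (assumption: the
    numeric core is what matters for the comparison against a fix version).
    """
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def unpatched_cves(version: str) -> List[str]:
    """CVEs from the article whose fix is newer than the running version."""
    running = parse_version(version)
    return [cve for cve, _, _, fixed in ADVISORIES if running < fixed]


# Constructed sample access-log lines in a simple combined-log style
# (timestamp, client, "METHOD PATH PROTOCOL", status). Hypothetical data,
# not taken from any real deployment.
SAMPLE_LOG = """\
2024-04-05T10:11:12Z 198.51.100.7 "GET /api/v1/tables?limit=10 HTTP/1.1" 200
2024-04-05T10:11:40Z 203.0.113.5 "PUT /api/v1/events/subscriptions HTTP/1.1" 200
2024-04-05T10:12:02Z 203.0.113.5 "GET /api/v1/policies/validation/condition/abc HTTP/1.1" 200
2024-04-05T10:12:30Z 198.51.100.7 "GET /api/v1/policies HTTP/1.1" 200
2024-04-05T10:13:01Z 203.0.113.5 "PUT /api/v1/policies HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def match_advisory(method: str, path: str) -> Optional[str]:
    """Return the CVE whose vulnerable endpoint this request targets, if any."""
    bare = path.split("?", 1)[0]
    for cve, adv_method, endpoint, _ in ADVISORIES:
        if endpoint is None or method != adv_method:
            continue
        # Endpoints that end in an <expr> segment are matched as prefixes
        # (there must be something after the slash); the others exactly.
        if endpoint.endswith("/"):
            if bare.startswith(endpoint) and len(bare) > len(endpoint):
                return cve
        elif bare == endpoint:
            return cve
    return None


def flag_requests(log_text: str) -> List[Tuple[str, str, str]]:
    """(cve, client, path) for every logged request to a vulnerable endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        cve = match_advisory(m["method"], m["path"])
        if cve:
            hits.append((cve, m["client"], m["path"]))
    return hits


if __name__ == "__main__":
    print("unpatched on 1.2.4:", unpatched_cves("1.2.4"))
    for cve, client, path in flag_requests(SAMPLE_LOG):
        print(f"{cve}: {client} -> {path}")
```

Running it against the sample log reports three requests to vulnerable endpoints from the same client, and shows that a 1.2.4 deployment still lacks the fix for CVE-2024-28253, which according to the article only landed in 1.3.1. The version check is the action item; the log scan is a starting point for scoping a review, not a verdict.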