This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: OpenMetadata < 1.3.1 suffers from **SpEL Injection** via `PUT /api/v1/policies`.β¦
π¦ **Affected**: **OpenMetadata** versions **prior to 1.3.1**. Specifically, the `PolicyRepository` and `EntityRepository` components handling policy creation/update via the API. π
Q4What can hackers do? (Privileges/Data)
π **Attacker Capabilities**: Full **Remote Code Execution**. An unauthenticated attacker can send a crafted `PUT` request to execute arbitrary system commands, compromising the entire server. π΄ββ οΈ
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Exploitation Threshold**: **LOW**. CVSS Vector: `AV:N/AC:L/PR:N/UI:N`. No authentication (`PR:N`) or user interaction (`UI:N`) required. Network-accessible and easy to exploit. π―
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Public Exploit**: **YES**. A Nuclei template is available on GitHub (`projectdiscovery/nuclei-templates`). Proof of Concept confirms RCE capability. Wild exploitation is highly likely. π
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for OpenMetadata instances exposing `/api/v1/policies`. Use Nuclei with the CVE-2024-28253 template. Check if the version is < 1.3.1. Look for SpEL injection patterns in policy inputs. π΅οΈββοΈ
Q8Is it fixed officially? (Patch/Mitigation)
β **Official Fix**: **YES**. Fixed in **OpenMetadata 1.3.1**. The vendor advises immediate upgrade. No known workarounds exist, so patching is the only reliable defense. π οΈ
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: **NONE**. The advisory explicitly states: "There are no known workarounds." You must upgrade or isolate the service from the network immediately. π«
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: **CRITICAL**. High CVSS score (8.6), unauthenticated RCE, and public PoC exist. Prioritize patching to **1.3.1+** immediately to prevent server compromise. π¨