Vulnerabilities > CVE-2024-55238 - Unspecified vulnerability in Open-Metadata Openmetadata

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
open-metadata

Summary

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

Vulnerable Configurations

Part Description Count
Application
Open-Metadata
76