What is CVE-2023-25557?

CVE-2023-25557 is a high-severity vulnerability in Datahub-project Datahub, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.5/10. Published 2023-02-10.

How severe is CVE-2023-25557?

High severity. CVSS v3 base score is 7.5 out of 10.

SSRF in Datahub-project Datahub

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the D…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.005 (65.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Datahub-project Datahub — versions < 0.8.45

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

https://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2023-25557?: CVE-2023-25557 is a high-severity vulnerability in Datahub-project Datahub, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.5/10. Published 2023-02-10.
How severe is CVE-2023-25557?: High severity. CVSS v3 base score is 7.5 out of 10.