Home > Vulnerability Database > CVE-2024-55238

Mend.io Vulnerability Database

CVE-2024-55238

Good to know:

Date: April 16, 2025

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

Severity Score

7.1

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55238

Url: https://github.com/open-metadata/OpenMetadata/commit/47a13e27cf24465c44044ac79654b87dde8d39a8

Url: https://gist.github.com/javadk/68c597cdb94768dab31a3219c2ad9904

Url: https://github.com/open-metadata/OpenMetadata

Url: https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4243

Url: https://github.com/open-metadata/OpenMetadata/blob/98945cb2db87ebb325d3a72131f049abffcba345/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/CollectionDAO.java#L4247

Url: https://www.mend.io/vulnerability-database/CVE-2024-55238

Severity Score

7.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55238

Good to know:

Date: April 16, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?