{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openmetadata-service--1.12.4/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["openmetadata-service (\u003c 1.12.4)","OpenMetadata 1.12.1"],"_cs_severities":["high"],"_cs_tags":["openmetadata","information-disclosure","jwt-leak","credential-access"],"_cs_type":"advisory","_cs_vendors":["OpenMetadata"],"content_html":"\u003cp\u003eOpenMetadata version 1.12.1 contains an information disclosure vulnerability in which a non-admin SSO user can trigger a \u003ccode\u003eTEST_CONNECTION\u003c/code\u003e workflow for a Database Service. The HTTP 201 response to the \u003ccode\u003ePOST /api/v1/automations/workflows\u003c/code\u003e request inadvertently includes both the cleartext database password within \u003ccode\u003erequest.connection.config.password\u003c/code\u003e and the ingestion bot JWT within \u003ccode\u003eopenMetadataServerConnection.securityConfig.jwtToken\u003c/code\u003e. This vulnerability allows an attacker to obtain sensitive credentials and impersonate the ingestion bot. The leaked JWT can be reused to access sensitive APIs, such as \u003ccode\u003eGET /api/v1/services/databaseServices/{id}?include=all\u003c/code\u003e, effectively granting bot-level privileges to unauthorized users. This issue differs from GHSA-pqqf-7hxm-rj5r as it specifically affects the \u003ccode\u003eautomations/workflows\u003c/code\u003e TEST_CONNECTION endpoint.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated SSO user with access to the OpenMetadata UI navigates to a Database Service.\u003c/li\u003e\n\u003cli\u003eThe user opens the connection tab of the Database Service and initiates the \u0026ldquo;Test connection\u0026rdquo; action.\u003c/li\u003e\n\u003cli\u003eThe UI sends a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/api/v1/automations/workflows\u003c/code\u003e with a JSON payload containing connection details. The password field in the request is masked.\u003c/li\u003e\n\u003cli\u003eThe OpenMetadata server responds with an HTTP 201 status code, including the cleartext database password in the \u003ccode\u003erequest.connection.config.password\u003c/code\u003e field of the response body.\u003c/li\u003e\n\u003cli\u003eThe server response also includes a valid JWT for the \u003ccode\u003eingestion-bot\u003c/code\u003e account in the \u003ccode\u003eopenMetadataServerConnection.securityConfig.jwtToken\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts the leaked ingestion-bot JWT from the server response.\u003c/li\u003e\n\u003cli\u003eThe attacker reuses the leaked JWT in the \u003ccode\u003eAuthorization\u003c/code\u003e header of subsequent API requests.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003e/api/v1/services/databaseServices/{id}?include=all\u003c/code\u003e to retrieve the full database service details, including the username and password, confirming bot-level access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows any user capable of running the \u0026ldquo;Test connection\u0026rdquo; workflow to recover both the database credentials in cleartext and a long-lived ingestion-bot JWT. This enables the attacker to act as the ingestion-bot, gaining unauthorized access to modify services and metadata within the OpenMetadata system. The severity is high because successful credential access allows immediate escalation of privileges.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenMetadata to version 1.12.4 or later to patch CVE-2026-46481.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect OpenMetadata TEST_CONNECTION Workflow Password Leak\u0026rdquo; to identify attempts to exploit this vulnerability by monitoring for HTTP 201 responses from the /api/v1/automations/workflows endpoint that include password information.\u003c/li\u003e\n\u003cli\u003eRotate all ingestion-bot JWTs to invalidate any previously leaked tokens.\u003c/li\u003e\n\u003cli\u003eImplement proper secret management using the Secrets Store, ensuring sensitive information is not exposed in API responses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T16:37:15Z","date_published":"2026-05-21T16:37:15Z","id":"https://feed.craftedsignal.io/briefs/2026-05-openmetadata-jwt-leak/","summary":"OpenMetadata version 1.12.1 is vulnerable to an information disclosure issue where a non-admin user can trigger a TEST_CONNECTION workflow for a Database Service and receive the cleartext database password and the ingestion bot JWT in the HTTP response, enabling privilege escalation.","title":"OpenMetadata TEST_CONNECTION Workflow Leaks JWT and Database Password","url":"https://feed.craftedsignal.io/briefs/2026-05-openmetadata-jwt-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — Openmetadata-Service (\u003c 1.12.4)","version":"https://jsonfeed.org/version/1.1"}