OpenMetadata SQL Injection Vulnerability in TestDefinitionDAO Interface

Vulnerability

A SQL injection vulnerability has been identified in OpenMetadata versions through 1.4.4. The issue arises in the TestDefinitionDAO interface, specifically within the listCount function. An authenticated, low-privileged remote attacker can exploit this vulnerability by manipulating the testPlatform parameter to craft a SQL query that extracts information from the database.

Impact

Exploitation of this vulnerability allows for unauthorized data extraction from the database, potentially leading to information disclosure.

Reproduction

To reproduce this vulnerability, an authenticated user with low privileges sends a request to the OpenMetadata API endpoint 'api/v1/dataQuality/testDefinitions' with a crafted testPlatform parameter. The parameter value is used to build a SQL query, and the listCount function in the TestDefinitionDAO interface executes that query, allowing the attacker to extract database information.
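
The flaw class described above, shown as an added example that is not OpenMetadata's code: a count query that splices a filter value into the SQL text, next to a version that binds the value and checks it against an allowlist. The table, column, function names, allowlist and sample values are all constructed for illustration, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed schema and rows; OpenMetadata's real tables and DAO code are not shown on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_definition (name TEXT, test_platform TEXT)")
    db.executemany(
        "INSERT INTO test_definition VALUES (?, ?)",
        [("columnValuesToBeUnique", "OpenMetadata"),
         ("tableRowCountToEqual", "OpenMetadata"),
         ("expectColumnToExist", "GreatExpectations")],
    )
    return db

# Constructed filter value containing a quote character and a tautology.
CRAFTED = "x' OR '1'='1"

# Assumed allowlist of accepted filter values (constructed for this example).
ALLOWED_PLATFORMS = {"OpenMetadata", "GreatExpectations"}

def list_count_unsafe(db, test_platform):
    # Flawed pattern: the request value becomes part of the SQL text, so a
    # quote in it closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT count(*) FROM test_definition "
           f"WHERE test_platform = '{test_platform}'")
    return db.execute(sql).fetchone()[0]

def list_count_bound(db, test_platform):
    # The value travels as a bound parameter and is only ever compared as data.
    sql = "SELECT count(*) FROM test_definition WHERE test_platform = ?"
    return db.execute(sql, (test_platform,)).fetchone()[0]

def list_count_safe(db, test_platform):
    # Defense in depth: reject unexpected values before touching the database,
    # then still use the bound query.
    if test_platform not in ALLOWED_PLATFORMS:
        raise ValueError("unknown testPlatform value")
    return list_count_bound(db, test_platform)

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal value :", list_count_unsafe(db, "OpenMetadata"))
    print("unsafe, crafted value:", list_count_unsafe(db, CRAFTED))
    print("bound,  crafted value:", list_count_bound(db, CRAFTED))
```

With the crafted value, the spliced query counts every row while the bound query matches none, which is the difference a regression test for the fix should assert.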

Added: Aug 8, 2025, 5:31 PM
Updated: Aug 8, 2025, 8:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.