OpenMetadata SQL Injection Vulnerability in TestDefinitionDAO Interface

Vulnerability

A SQL injection vulnerability has been identified in OpenMetadata versions through 1.4.4. The issue arises in the TestDefinitionDAO interface, specifically within the listCount function. An authenticated, low-privileged remote attacker can manipulate the entityType parameter, which is used to construct SQL queries. Successful exploitation could lead to unauthorized data extraction from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with database queries. This could result in unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a request to the OpenMetadata API endpoint '/api/v1/dataQuality/testDefinitions' with a crafted entityType parameter. The parameter should be designed to manipulate the SQL query generated by the application. Once the injection is successful, it can be exploited using a tool like sqlmap to extract data from the database.
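
A defensive check for the request described above, as an added example (not from the original advisory or from OpenMetadata's code): it scans access-log lines for requests to the affected endpoint whose decoded entityType value is not a plain alphabetic name. The combined log format, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/api/v1/dataQuality/testDefinitions"
# Assumption: legitimate entityType values are short alphabetic enum-style names.
SAFE_VALUE = re.compile(r"[A-Za-z_]{1,32}")
# Request field of a combined-format access log: "METHOD URI HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - alice [08/Aug/2025:17:01:02 +0000] '
    '"GET /api/v1/dataQuality/testDefinitions?limit=10&entityType=TABLE HTTP/1.1" 200 5120',
    '198.51.100.7 - bob [08/Aug/2025:17:03:40 +0000] '
    '"GET /api/v1/dataQuality/testDefinitions?entityType=TABLE%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 912',
    '198.51.100.7 - bob [08/Aug/2025:17:03:41 +0000] '
    '"GET /api/v1/tables?entityType=x%27 HTTP/1.1" 200 300',
    '198.51.100.7 - bob [08/Aug/2025:17:03:45 +0000] '
    '"GET /api/v1/dataQuality/testDefinitions?entityType=COLUMN%2527 HTTP/1.1" 500 88',
]

def flagged_values(line):
    """Return decoded entityType values on the affected endpoint that fail the allowlist."""
    match = REQUEST.search(line)
    if not match:
        return []
    parts = urlsplit(match.group("uri"))
    if parts.path.rstrip("/") != ENDPOINT:
        return []  # other endpoints are out of scope for this advisory
    # parse_qs percent-decodes once, so encoded quotes and spaces become visible;
    # a double-encoded value still contains '%' afterwards and fails the allowlist.
    values = parse_qs(parts.query, keep_blank_values=True).get("entityType", [])
    return [v for v in values if not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Return (line_number, offending_values) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = flagged_values(line)
        if bad:
            hits.append((number, bad))
    return hits

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious entityType {bad!r}")
```

Hits on this endpoint from an authenticated low-privileged account are worth correlating with database error logs from the same time window.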

Added: Aug 8, 2025, 5:29 PM
Updated: Aug 8, 2025, 8:01 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.