OpenMetadata Privilege Escalation Vulnerability via Leaked JWTs in Ingestion Pipelines API

Vulnerability

A vulnerability in OpenMetadata prior to version 1.11.8 allows read-only users to obtain the JSON Web Tokens (JWTs) that the ingestion-bot uses for services such as Glue, Redshift, and Postgres. The tokens leak through the UI's API calls to '/api/v1/ingestionPipelines', whose responses include them. With a leaked JWT, a user can impersonate a highly privileged account, typically one holding the Ingestion Bot Role, which enables destructive changes within OpenMetadata instances and unauthorized access to data that roles and policies are meant to restrict, such as sample data or service metadata.

Impact

Exploitation of this vulnerability allows for user impersonation, enabling read-only users to perform destructive actions by leveraging the leaked JWTs to access and modify resources as an Ingestion Bot user.

Reproduction

To reproduce this vulnerability, create a non-admin Collate Sandbox account, which has read-only access. Open the browser's Developer Console and navigate to the Services page. Inspect the network requests made to the '/api/v1/ingestionPipelines' endpoint; the leaked JWT appears in the response body. That token can then be used to make API calls that result in destructive changes.

Remediation

Users are advised to update to OpenMetadata version 1.11.8 or later, where this vulnerability has been fixed. Additionally, it is recommended to rotate Ingestion Bot Tokens in affected environments.
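As an added example (not code from the advisory or from the OpenMetadata project), a defender-side check for the Reproduction and Remediation sections above: it walks a saved '/api/v1/ingestionPipelines' response body, flags every string shaped like a JWT, and decodes the unverified payload to identify the exposed principal, so an instance can be checked after the upgrade and the right bot token rotated. The response layout, field names and the HS256 sample token are assumptions constructed here.

```python
import base64, hashlib, hmac, json, re

# Three dot-separated base64url segments: the compact JWS form every JWT uses.
JWT_RE = re.compile(r"^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$")

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def find_jwts(node, path="$"):
    """Walk decoded JSON and yield (json_path, claims) for every string that
    looks like a JWT. The payload is decoded WITHOUT signature verification:
    the goal is only to learn whose token is present in the response."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_jwts(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_jwts(value, f"{path}[{i}]")
    elif isinstance(node, str) and JWT_RE.match(node):
        try:
            claims = json.loads(_b64url_decode(node.split(".")[1]))
        except ValueError:
            return  # base64url-shaped, but the middle segment is not JSON
        if isinstance(claims, dict):
            yield path, claims

def _make_sample_jwt(claims: dict) -> str:
    """Constructed HS256 token with a placeholder secret so the example runs
    offline. Not a real OpenMetadata token."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = enc(b'{"alg":"HS256","typ":"JWT"}')
    payload = enc(json.dumps(claims).encode())
    sig = hmac.new(b"PLACEHOLDER-SECRET", f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{enc(sig)}"

# Constructed stand-in for a GET /api/v1/ingestionPipelines body as seen by a
# read-only user; the field layout is an assumption, not OpenMetadata's schema.
SAMPLE_RESPONSE = {"data": [{
    "name": "redshift_metadata",
    "service": {"name": "redshift_prod", "type": "databaseService"},
    "openMetadataServerConnection": {"securityConfig": {
        "jwtToken": _make_sample_jwt({"sub": "ingestion-bot", "isBot": True})}},
}]}

def leaked_tokens(response) -> list:
    """[(json_path, subject)] for each JWT in the body. A non-empty result from
    a read-only session means bot credentials are exposed and must be rotated."""
    return [(path, claims.get("sub")) for path, claims in find_jwts(response)]
```

Run it against a response captured from a read-only session; an empty list after upgrading to 1.11.8 or later confirms the endpoint no longer returns the token, while any hit names the bot whose token should be rotated.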

Added: Feb 11, 2026, 9:21 PM
Updated: Feb 11, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.