All the vulnerabilites related to metabase - metabase
cve-2022-39361
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Metabase vulnerable to Remote Code Execution via H2
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.41.9"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.6"
},
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.43.7"
},
{
"status": "affected",
"version": "\u003e= 0.44.0, \u003c 0.44.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.41.9"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.6"
},
{
"status": "affected",
"version": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"status": "affected",
"version": "\u003e= 1.44.0, \u003c 1.44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v"
}
],
"source": {
"advisory": "GHSA-gqpj-wcr3-p88v",
"discovery": "UNKNOWN"
},
"title": "Metabase vulnerable to Remote Code Execution via H2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39361",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24855
Vulnerability from cvelistv5
Published
2022-04-14 21:35
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
XSS vulnerability in Metabase
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr | x_refsource_CONFIRM | |
| https://github.com/metabase/metabase/releases/tag/v0.42.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/releases/tag/v0.42.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.40.0, \u003c 1.40.8"
},
{
"status": "affected",
"version": "\u003e= 0.40.0, \u003c 0.40.8"
},
{
"status": "affected",
"version": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"status": "affected",
"version": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T21:35:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metabase/metabase/releases/tag/v0.42.4"
}
],
"source": {
"advisory": "GHSA-wjw6-wm9w-7ggr",
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in Metabase",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24855",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability in Metabase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.40.0, \u003c 1.40.8"
},
{
"version_value": "\u003e= 0.40.0, \u003c 0.40.8"
},
{
"version_value": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"version_value": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"version_value": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"version_value": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr"
},
{
"name": "https://github.com/metabase/metabase/releases/tag/v0.42.4",
"refsource": "MISC",
"url": "https://github.com/metabase/metabase/releases/tag/v0.42.4"
}
]
},
"source": {
"advisory": "GHSA-wjw6-wm9w-7ggr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24855",
"datePublished": "2022-04-14T21:35:11",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39362
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Metabase vulnerable to arbitrary SQL execution from queryhash
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/commit/b7c6bb905a9187347cfc9035443b514713027a5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.41.9"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.6"
},
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.43.7"
},
{
"status": "affected",
"version": "\u003e= 0.44.0, \u003c 0.44.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.41.9"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.6"
},
{
"status": "affected",
"version": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"status": "affected",
"version": "\u003e= 1.44.0, \u003c 1.44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238"
},
{
"url": "https://github.com/metabase/metabase/commit/b7c6bb905a9187347cfc9035443b514713027a5c"
}
],
"source": {
"advisory": "GHSA-93wj-fgjg-r238",
"discovery": "UNKNOWN"
},
"title": "Metabase vulnerable to arbitrary SQL execution from queryhash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39362",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41277
Vulnerability from cvelistv5
Published
2021-11-17 20:05
Modified
2024-11-13 14:17
Severity ?
EPSS score ?
Summary
GeoJSON URL validation can expose server files and environment variables to unauthorized users
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr | x_refsource_CONFIRM | |
| https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"lessThan": "0.40.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.40.5",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-12",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
},
{
"other": {
"content": {
"id": "CVE-2021-41277",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:15:46.325821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:17:56.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.40.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.40.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you\u2019re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T20:05:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0"
}
],
"source": {
"advisory": "GHSA-w73v-6p7p-fpfr",
"discovery": "UNKNOWN"
},
"title": "GeoJSON URL validation can expose server files and environment variables to unauthorized users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41277",
"STATE": "PUBLIC",
"TITLE": "GeoJSON URL validation can expose server files and environment variables to unauthorized users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "\u003c 0.40.5"
},
{
"version_value": "\u003e= 1.0.0, \u003c 1.40.5"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you\u2019re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr"
},
{
"name": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0",
"refsource": "MISC",
"url": "https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0"
}
]
},
"source": {
"advisory": "GHSA-w73v-6p7p-fpfr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41277",
"datePublished": "2021-11-17T20:05:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-11-13T14:17:56.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39359
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w5j7-4mgm-77f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/commit/057e2d67fcbeb6b48db68b697e022243e3a5771e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.41.9"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.6"
},
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.43.7"
},
{
"status": "affected",
"version": "\u003e= 0.44.0, \u003c 0.44.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.41.9"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.6"
},
{
"status": "affected",
"version": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"status": "affected",
"version": "\u003e= 1.44.0, \u003c 1.44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w5j7-4mgm-77f4"
},
{
"url": "https://github.com/metabase/metabase/commit/057e2d67fcbeb6b48db68b697e022243e3a5771e"
}
],
"source": {
"advisory": "GHSA-w5j7-4mgm-77f4",
"discovery": "UNKNOWN"
},
"title": "Metabase\u0027s GeoJSON validation doesn\u0027t prevent redirects to blocked URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39359",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43776
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metabase",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The url parameter of the /api/geojson endpoint in Metabase versions \u003c44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2022-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-43776",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-10-26T00:00:00",
"dateUpdated": "2024-08-03T13:40:06.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23629
Vulnerability from cvelistv5
Published
2023-01-28 01:23
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Metabase subject to Improper Privilege Management
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 0.44.0-RC1, \u003c 0.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 0.45.0-RC1, \u003c 0.45.2.1"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 1.44.0-RC1, \u003c 1.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.45.0-RC1, \u003c 1.45.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the \"Subscriptions and Alerts\" permission for groups that have restricted data permissions, as a workaround.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T01:23:33.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5"
}
],
"source": {
"advisory": "GHSA-ch8f-hhq9-7gv5",
"discovery": "UNKNOWN"
},
"title": "Metabase subject to Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23629",
"datePublished": "2023-01-28T01:23:33.300Z",
"dateReserved": "2023-01-16T17:07:46.245Z",
"dateUpdated": "2024-08-02T10:35:33.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38646
Vulnerability from cvelistv5
Published
2023-07-21 00:00
Modified
2024-08-02 17:46
Severity ?
EPSS score ?
Summary
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.metabase.com/blog/security-advisory"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/releases/tag/v0.46.6.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=36812256"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/issues/32552"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server\u0027s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T16:05:58.126975",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.metabase.com/blog/security-advisory"
},
{
"url": "https://github.com/metabase/metabase/releases/tag/v0.46.6.1"
},
{
"url": "https://news.ycombinator.com/item?id=36812256"
},
{
"url": "https://github.com/metabase/metabase/issues/32552"
},
{
"url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38646",
"datePublished": "2023-07-21T00:00:00",
"dateReserved": "2023-07-21T00:00:00",
"dateUpdated": "2024-08-02T17:46:56.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0697
Vulnerability from cvelistv5
Published
2018-11-15 15:00
Modified
2024-08-05 03:35
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN14323043/index.html | third-party-advisory, x_refsource_JVN | |
| https://metabase.com/ | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Metabase, Inc. | Metabase |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14323043",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14323043/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://metabase.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metabase",
"vendor": "Metabase, Inc.",
"versions": [
{
"status": "affected",
"version": "version 0.29.3 and earlier"
}
]
}
],
"datePublic": "2018-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14323043",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14323043/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://metabase.com/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metabase",
"version": {
"version_data": [
{
"version_value": "version 0.29.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Metabase, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14323043",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14323043/index.html"
},
{
"name": "https://metabase.com/",
"refsource": "MISC",
"url": "https://metabase.com/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0697",
"datePublished": "2018-11-15T15:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24853
Vulnerability from cvelistv5
Published
2022-04-14 21:45
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
File system exposure in Metabase
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m | x_refsource_CONFIRM | |
| https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/ | x_refsource_MISC | |
| https://secure77.de/metabase-ntlm-relay-attack/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secure77.de/metabase-ntlm-relay-attack/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.40.0, \u003c 1.40.7"
},
{
"status": "affected",
"version": "\u003e= 0.40.0, \u003c 0.40.7"
},
{
"status": "affected",
"version": "\u003e= 1.41.0, \u003c 1.41.6"
},
{
"status": "affected",
"version": "\u003e= 0.41.0, \u003c 0.41.6"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.3"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:11:26",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secure77.de/metabase-ntlm-relay-attack/"
}
],
"source": {
"advisory": "GHSA-5cfq-582c-c38m",
"discovery": "UNKNOWN"
},
"title": "File system exposure in Metabase",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24853",
"STATE": "PUBLIC",
"TITLE": "File system exposure in Metabase"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.40.0, \u003c 1.40.7"
},
{
"version_value": "\u003e= 0.40.0, \u003c 0.40.7"
},
{
"version_value": "\u003e= 1.41.0, \u003c 1.41.6"
},
{
"version_value": "\u003e= 0.41.0, \u003c 0.41.6"
},
{
"version_value": "\u003e= 1.42.0, \u003c 1.42.3"
},
{
"version_value": "\u003e= 0.42.0, \u003c 0.42.3"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m"
},
{
"name": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/",
"refsource": "MISC",
"url": "https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/"
},
{
"name": "https://secure77.de/metabase-ntlm-relay-attack/",
"refsource": "MISC",
"url": "https://secure77.de/metabase-ntlm-relay-attack/"
}
]
},
"source": {
"advisory": "GHSA-5cfq-582c-c38m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24853",
"datePublished": "2022-04-14T21:45:16",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39358
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-8qgm-9mj6-36h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.42.6"
},
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.43.7"
},
{
"status": "affected",
"version": "\u003e= 0.44.0, \u003c 0.44.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.42.6"
},
{
"status": "affected",
"version": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"status": "affected",
"version": "\u003e= 1.44.0, \u003c 1.44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-8qgm-9mj6-36h3"
}
],
"source": {
"advisory": "GHSA-8qgm-9mj6-36h3",
"discovery": "UNKNOWN"
},
"title": "Metabase vulnerable to circumvention of Locked parameter in Signed Embedding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39358",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39360
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Metabase SSO users able to circumvent IdP login by doing password reset
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.41.9"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.6"
},
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c 0.43.7"
},
{
"status": "affected",
"version": "\u003e= 0.44.0, \u003c 0.44.5"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.41.9"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.6"
},
{
"status": "affected",
"version": "\u003e= 1.43.0, \u003c 1.43.7"
},
{
"status": "affected",
"version": "\u003e= 1.44.0, \u003c 1.44.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304: Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc"
},
{
"url": "https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730"
}
],
"source": {
"advisory": "GHSA-gw4g-ww2m-v7vc",
"discovery": "UNKNOWN"
},
"title": "Metabase SSO users able to circumvent IdP login by doing password reset"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39360",
"datePublished": "2022-10-26T00:00:00",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:44.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37470
Vulnerability from cvelistv5
Published
2023-08-04 15:12
Modified
2024-10-17 14:54
Severity ?
EPSS score ?
Summary
Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:54:25.239902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:54:36.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.43.7.3"
},
{
"status": "affected",
"version": "\u003e= 0.44.0.0, \u003c 0.44.7.3"
},
{
"status": "affected",
"version": "\u003e= 0.45.0.0, \u003c 0.45.4.3"
},
{
"status": "affected",
"version": "\u003e= 0.46.0.0, \u003c 0.46.6.4"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.43.7.3"
},
{
"status": "affected",
"version": "\u003e= 1.44.0.0, \u003c 1.44.7.3"
},
{
"status": "affected",
"version": "\u003e= 1.45.0.0, \u003c 1.45.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.46.0.0, \u003c 1.46.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one\u0027s Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T15:12:43.188Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83"
}
],
"source": {
"advisory": "GHSA-p7w3-9m58-rq83",
"discovery": "UNKNOWN"
},
"title": "Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37470",
"datePublished": "2023-08-04T15:12:43.188Z",
"dateReserved": "2023-07-06T13:01:36.998Z",
"dateUpdated": "2024-10-17T14:54:36.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32680
Vulnerability from cvelistv5
Published
2023-05-18 22:55
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
Missing SQL permissions check in metabase
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv | x_refsource_CONFIRM | |
| https://github.com/metabase/metabase/pull/30852 | x_refsource_MISC | |
| https://github.com/metabase/metabase/pull/30853 | x_refsource_MISC | |
| https://github.com/metabase/metabase/pull/30854 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv"
},
{
"name": "https://github.com/metabase/metabase/pull/30852",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/pull/30852"
},
{
"name": "https://github.com/metabase/metabase/pull/30853",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/pull/30853"
},
{
"name": "https://github.com/metabase/metabase/pull/30854",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/pull/30854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.44.7"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.44.7"
},
{
"status": "affected",
"version": "\u003e= 0.45.0, \u003c 0.45.4"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.45.4"
},
{
"status": "affected",
"version": "\u003e= 0.46.0, \u003c 0.46.3"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.46.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database\u2013but affected versions of Metabase didn\u0027t enforce that requirement. This lack of enforcement meant that: Anyone\u2013including people in sandboxed groups\u2013could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T22:55:30.636Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-mw6j-f894-4qxv"
},
{
"name": "https://github.com/metabase/metabase/pull/30852",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metabase/metabase/pull/30852"
},
{
"name": "https://github.com/metabase/metabase/pull/30853",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metabase/metabase/pull/30853"
},
{
"name": "https://github.com/metabase/metabase/pull/30854",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metabase/metabase/pull/30854"
}
],
"source": {
"advisory": "GHSA-mw6j-f894-4qxv",
"discovery": "UNKNOWN"
},
"title": "Missing SQL permissions check in metabase"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32680",
"datePublished": "2023-05-18T22:55:30.636Z",
"dateReserved": "2023-05-11T16:33:45.731Z",
"dateUpdated": "2024-08-02T15:25:36.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24854
Vulnerability from cvelistv5
Published
2022-04-14 21:40
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Database bypassing any permissions in Metabase via SQlite attach
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329 | x_refsource_CONFIRM | |
| https://www.sqlite.org/lang_attach.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sqlite.org/lang_attach.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"status": "affected",
"version": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you\u0027re unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T21:40:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sqlite.org/lang_attach.html"
}
],
"source": {
"advisory": "GHSA-vm79-xvmp-7329",
"discovery": "UNKNOWN"
},
"title": "Database bypassing any permissions in Metabase via SQlite attach",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24854",
"STATE": "PUBLIC",
"TITLE": "Database bypassing any permissions in Metabase via SQlite attach"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"version_value": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"version_value": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"version_value": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you\u0027re unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"name": "https://www.sqlite.org/lang_attach.html",
"refsource": "MISC",
"url": "https://www.sqlite.org/lang_attach.html"
}
]
},
"source": {
"advisory": "GHSA-vm79-xvmp-7329",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24854",
"datePublished": "2022-04-14T21:40:11",
"dateReserved": "2022-02-10T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23628
Vulnerability from cvelistv5
Published
2023-01-28 01:11
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/metabase/metabase/security/advisories/GHSA-492f-qxr3-9rrv | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-492f-qxr3-9rrv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-492f-qxr3-9rrv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 0.44.0-RC1, \u003c 0.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 0.45.0-RC1, \u003c 0.45.2.1"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 1.44.0-RC1, \u003c 1.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.45.0-RC1, \u003c 1.45.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn\u0027t be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T01:11:16.710Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-492f-qxr3-9rrv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-492f-qxr3-9rrv"
}
],
"source": {
"advisory": "GHSA-492f-qxr3-9rrv",
"discovery": "UNKNOWN"
},
"title": "Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23628",
"datePublished": "2023-01-28T01:11:16.710Z",
"dateReserved": "2023-01-16T17:07:46.244Z",
"dateUpdated": "2024-08-02T10:35:33.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}