Vulmon
metabase metabase vulnerabilities and exploits
CVSSv3: 7.5
CVE-2021-41277
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). UR...
Metabase Metabase 0.40.0
Metabase Metabase 0.40.1
Metabase Metabase 0.40.2
Metabase Metabase 0.40.3
Metabase Metabase 0.40.4
Metabase Metabase 1.40.0
Metabase Metabase 1.40.1
Metabase Metabase 1.40.2
Metabase Metabase 1.40.3
Metabase Metabase 1.40.4
15 Github repositories
CVSSv3: 5.3
CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted requ...
Metabase Metabase
1 Github repository
CVSSv3: 5.4
CVE-2022-24855
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links ...
Metabase Metabase
CVSSv3: 9.6
CVE-2023-32680
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack...
Metabase Metabase
CVSSv3: 6.5
CVE-2022-43776
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
Metabase Metabase
CVSSv3: 6.5
CVE-2022-39358
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This iss...
Metabase Metabase
CVSSv3: 6.5
CVE-2022-39359
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patc...
Metabase Metabase
CVSSv3: 6.5
CVE-2022-39360
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is p...
Metabase Metabase
CVSSv3: 8.8
CVE-2022-39361
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patch...
Metabase Metabase
CVSSv3: 6.1
CVE-2018-0697
Cross-site scripting vulnerability in Metabase version 0.29.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Metabase Metabase