Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metabase metabase vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-43776
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
Metabase Metabase
5.3
CVSSv3
CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted requ...
Metabase Metabase
1 Github repository
8.8
CVSSv3
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, ...
Metabase Metabase
5.4
CVSSv3
CVE-2022-24855
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links ...
Metabase Metabase
7.5
CVSSv3
CVE-2021-41277
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). UR...
Metabase Metabase 0.40.0
Metabase Metabase 0.40.1
Metabase Metabase 0.40.2
Metabase Metabase 0.40.3
Metabase Metabase 0.40.4
Metabase Metabase 1.40.0
Metabase Metabase 1.40.1
Metabase Metabase 1.40.2
Metabase Metabase 1.40.3
Metabase Metabase 1.40.4
15 Github repositories
6.1
CVSSv3
CVE-2018-0697
Cross-site scripting vulnerability in Metabase version 0.29.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Metabase Metabase
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2