Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metabase metabase vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43776
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
Metabase Metabase
231
VMScore
CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted requ...
Metabase Metabase
1 Github repository
578
VMScore
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, ...
Metabase Metabase
312
VMScore
CVE-2022-24855
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links ...
Metabase Metabase
449
VMScore
CVE-2021-41277
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). UR...
Metabase Metabase 0.40.0
Metabase Metabase 0.40.1
Metabase Metabase 0.40.2
Metabase Metabase 0.40.3
Metabase Metabase 0.40.4
Metabase Metabase 1.40.0
Metabase Metabase 1.40.1
Metabase Metabase 1.40.2
Metabase Metabase 1.40.3
Metabase Metabase 1.40.4
15 Github repositories
383
VMScore
CVE-2018-0697
Cross-site scripting vulnerability in Metabase version 0.29.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Metabase Metabase
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2