
CVSS: 8.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, the H2 (Sample Database) driver could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries against H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries.
• https://github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v
• CWE-20: Improper Input Validation; CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CVSS: 6.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, single sign-on (SSO) users were able to perform password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login.
• https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730
• https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc
• CWE-287: Improper Authentication; CWE-304: Missing Critical Step in Authentication

CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6.
• https://github.com/metabase/metabase/security/advisories/GHSA-8qgm-9mj6-36h3
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-667: Improper Locking

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server-Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
• https://www.tenable.com/security/research/tra-2022-34
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries were auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. The native editor now shows the query and gives the user the option to run it manually if they want.
• https://github.com/metabase/metabase/commit/b7c6bb905a9187347cfc9035443b514713027a5c
• https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238
• CWE-356: Product UI does not Warn User of Unsafe Actions