CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43776
https://notcve.org/view.php?id=CVE-2022-43776
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. El parámetro url del endpoint /api/geojson en Metabase versiones anteriores a 44.5, puede ser usado para llevar a cabo ataques de tipo Server Side Request Forgery. Las listas negras implementadas anteriormente podían ser omitidas aprovechando los redireccionamientos 301 y 302 • https://www.tenable.com/security/research/tra-2022-34 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 2CVE-2022-24853 – File system exposure in Metabase
https://notcve.org/view.php?id=CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. • https://github.com/secure-77/CVE-2022-24853 https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m https://secure77.de/metabase-ntlm-relay-attack https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-24855 – XSS vulnerability in Metabase
https://notcve.org/view.php?id=CVE-2022-24855
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8. Metabase es una aplicación de análisis e inteligencia empresarial de código abierto. • https://github.com/metabase/metabase/releases/tag/v0.42.4 https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 95%CPEs: 10EXPL: 9CVE-2021-41277 – GeoJSON URL validation can expose server files and environment variables to unauthorized users
https://notcve.org/view.php?id=CVE-2021-41277
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. • https://github.com/tahtaciburak/CVE-2021-41277 https://github.com/zer0yu/CVE-2021-41277 https://github.com/Seals6/CVE-2021-41277 https://github.com/z3n70/CVE-2021-41277 https://github.com/kap1ush0n/CVE-2021-41277 https://github.com/TheLastVvV/CVE-2021-41277 https://github.com/chengling-ing/CVE-2021-41277 https://github.com/kaizensecurity/CVE-2021-41277 https://github.com/RubXkuB/PoC-Metabase-CVE-2021-41277 https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •