CVE-2022-39361

Metabase vulnerable to Remote Code Execution via H2

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries.

Metabase es un software de visualización de datos. En versiones anteriores a 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9, H2 (base de datos de muestra) podía permitir una ejecución de código remota (RCE), de la que podían abusar los usuarios capaces de escribir consultas SQL en las bases de datos H2. Este problema está parcheado en versiones 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9. Metabase ya no permite las sentencias DDL en las consultas nativas H2

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-02 CVE Reserved
2022-10-26 CVE Published
2024-08-03 CVE Updated
2024-10-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CAPEC

References (1)

URL	Tag	Source
https://github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 0.41.0 < 0.41.9 Search vendor "Metabase" for product "Metabase" and version " >= 0.41.0 < 0.41.9"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 0.42.0 < 0.42.6 Search vendor "Metabase" for product "Metabase" and version " >= 0.42.0 < 0.42.6"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 0.43.0 < 0.43.7 Search vendor "Metabase" for product "Metabase" and version " >= 0.43.0 < 0.43.7"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 0.44.0 < 0.44.5 Search vendor "Metabase" for product "Metabase" and version " >= 0.44.0 < 0.44.5"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 1.41.0 < 1.41.9 Search vendor "Metabase" for product "Metabase" and version " >= 1.41.0 < 1.41.9"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 1.42.0 < 1.42.6 Search vendor "Metabase" for product "Metabase" and version " >= 1.42.0 < 1.42.6"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 1.43.0 < 1.43.7 Search vendor "Metabase" for product "Metabase" and version " >= 1.43.0 < 1.43.7"		-		Affected
Metabase Search vendor "Metabase"		Metabase Search vendor "Metabase" for product "Metabase"				>= 1.44.0 < 1.44.5 Search vendor "Metabase" for product "Metabase" and version " >= 1.44.0 < 1.44.5"		-		Affected