Latest Metabase Metabase Vulnerabilities

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could pot...
Metabase Metabase <0.43.7.3
Metabase Metabase <1.43.7.3
Metabase Metabase >=0.44.0 <0.44.7.3
Metabase Metabase >=0.45.0 <0.45.4.3
Metabase Metabase >=0.46.0 <0.46.6.4
Metabase Metabase >=1.44.0 <1.44.7.3
and 2 more
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not require...
Metabase Metabase <0.43.7.2
Metabase Metabase <1.43.7.2
Metabase Metabase >=0.44.0 <0.44.7.1
Metabase Metabase >=0.45.0 <0.45.4.1
Metabase Metabase >=0.46.0 <0.46.6.1
Metabase Metabase >=1.44.0 <1.44.7.1
and 2 more
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but aff...
Metabase Metabase <0.44.7
Metabase Metabase >=0.45.0 <0.45.4
Metabase Metabase >=0.46.0 <0.46.3
Metabase Metabase >=1.0.0 <1.44.7
Metabase Metabase >=1.45.0 <1.45.4
Metabase Metabase >=1.46.0 <1.46.3
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about ot...
Metabase Metabase <0.43.7.1
Metabase Metabase >=0.44.0 <0.44.6.1
Metabase Metabase >=0.45.0 <0.45.2.1
Metabase Metabase >=1.0.0 <1.43.7.1
Metabase Metabase >=1.44.0 <1.44.6.1
Metabase Metabase >=1.45.0 <1.45.2.1
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the...
Metabase Metabase <0.43.7.1
Metabase Metabase >=0.44.0 <0.44.6.1
Metabase Metabase >=0.45.0 <0.45.2.1
Metabase Metabase >=1.0.0 <1.43.7.1
Metabase Metabase >=1.44.0 <1.44.6.1
Metabase Metabase >=1.45.0 <1.45.2.1
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack...
Metabase Metabase >=0.41.0 <0.41.9
Metabase Metabase >=0.42.0 <0.42.6
Metabase Metabase >=0.43.0 <0.43.7
Metabase Metabase >=0.44.0 <0.44.5
Metabase Metabase >=1.41.0 <1.41.9
Metabase Metabase >=1.42.0 <1.42.6
and 2 more
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can b...
Metabase Metabase >=0.41.0 <0.41.9
Metabase Metabase >=0.42.0 <0.42.6
Metabase Metabase >=0.43.0 <0.43.7
Metabase Metabase >=0.44.0 <0.44.5
Metabase Metabase >=1.41.0 <1.41.9
Metabase Metabase >=1.42.0 <1.42.6
and 2 more
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, wh...
Metabase Metabase >=0.41.0 <0.41.9
Metabase Metabase >=0.42.0 <0.42.6
Metabase Metabase >=0.43.0 <0.43.7
Metabase Metabase >=0.44.0 <0.44.5
Metabase Metabase >=1.41.0 <1.41.9
Metabase Metabase >=1.42.0 <1.42.6
and 2 more
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that w...
Metabase Metabase >=0.41.0 <0.41.9
Metabase Metabase >=0.42.0 <0.42.6
Metabase Metabase >=0.43.0 <0.43.7
Metabase Metabase >=0.44.0 <0.44.5
Metabase Metabase >=1.41.0 <1.41.9
Metabase Metabase >=1.42.0 <1.42.6
and 2 more
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an...
Metabase Metabase >=0.42.0 <0.42.6
Metabase Metabase >=0.43.0 <0.43.7
Metabase Metabase >=0.44.0 <0.44.5
Metabase Metabase >=1.42.0 <1.42.6
Metabase Metabase >=1.43.0 <1.43.7
Metabase Metabase >=1.44.0 <1.44.5
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leverag...
Metabase Metabase <0.44.5
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripti...
Metabase Metabase >=0.40.0 <0.40.8
Metabase Metabase >=0.41.0 <0.41.7
Metabase Metabase >=0.42.0 <0.42.4
Metabase Metabase >=1.40.0 <1.40.8
Metabase Metabase >=1.41.0 <1.41.7
Metabase Metabase >=1.42.0 <1.42.4
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial c...
Metabase Metabase >=0.41.0 <0.41.7
Metabase Metabase >=0.42.0 <0.42.4
Metabase Metabase >=1.41.0 <1.41.7
Metabase Metabase >=1.42.0 <1.42.4
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not retu...
Metabase Metabase >=0.40.0 <0.40.8
Metabase Metabase >=0.41.0 <0.41.7
Metabase Metabase >=0.42.0 <0.42.4
Metabase Metabase >=1.40.0 <1.40.8
Metabase Metabase >=1.41.0 <1.41.7
Metabase Metabase >=1.42.0 <1.42.4
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and ...
Metabase Metabase =0.40.0
Metabase Metabase =0.40.1
Metabase Metabase =0.40.2
Metabase Metabase =0.40.3
Metabase Metabase =0.40.4
Metabase Metabase =1.40.0
and 4 more
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Metabase Metabase <=0.29.3
