HIGH🇵🇱 Wersja polska

CVE-2022-39362

CVSS 8.8v3.1pub. 2022-10-26upd. 2024-11-21

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Metabase

    APP
    Metabase
    0.41.0 – 0.41.9 (bez)0.42.0 – 0.42.6 (bez)0.43.0 – 0.43.7 (bez)0.44.0 – 0.44.5 (bez)1.41.0 – 1.41.9 (bez)1.42.0 – 1.42.6 (bez)1.43.0 – 1.43.7 (bez)1.44.0 – 1.44.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-41277CRITICAL10.0⚠ KEVten sam produkt

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered ...

CVE-2023-37470CRITICAL10.0ten sam produkt

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3,...

CVE-2023-38646CRITICAL9.8ten sam produkt

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitr...

CVE-2026-33725HIGH7.2ten sam produkt

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to ...

CVE-2026-27464HIGH7.7ten sam produkt

Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0...