Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMetabase
APPMetabase0.41.0 – 0.41.9 (bez)0.42.0 – 0.42.6 (bez)0.43.0 – 0.43.7 (bez)0.44.0 – 0.44.5 (bez)1.41.0 – 1.41.9 (bez)1.42.0 – 1.42.6 (bez)1.43.0 – 1.43.7 (bez)1.44.0 – 1.44.5 (bez)
Related vulnerabilities
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered ...
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3,...
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitr...
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to ...
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0...