CVE-2022-24853

🗓️ 14 Apr 2022 21:45:16Reported by GitHub_MType

Metabase open source BI & analytics app is vulnerable to NTLM relay attack via GeoJSON feature on Windows, CVE-2022-24853

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-24853	15 Apr 202202:19	–	circl
CNNVD	Metabase 信息泄露漏洞	14 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-24853 File system exposure in Metabase	14 Apr 202221:45	–	cvelist
EUVD	EUVD-2022-29633	3 Oct 202520:07	–	euvd
Tenable Nessus	Metabase 0.40.x < 0.40.8 / 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4	9 Sep 202500:00	–	nessus
NVD	CVE-2022-24853	14 Apr 202222:15	–	nvd
OSV	CVE-2022-24853 File system exposure in Metabase	14 Apr 202221:45	–	osv
Prion	Input validation	14 Apr 202222:15	–	prion
RedhatCVE	CVE-2022-24853	22 May 202522:09	–	redhatcve
Vulnrichment	CVE-2022-24853 File system exposure in Metabase	14 Apr 202221:45	–	vulnrichment

NVD

Vulners

Node

metabase metabaseRange0.40.0–0.40.8

metabase metabaseRange0.41.0–0.41.7

metabase metabaseRange0.42.0–0.42.4

metabase metabaseRange1.40.0–1.40.8

metabase metabaseRange1.41.0–1.41.7

metabase metabaseRange1.42.0–1.42.4

[
  {
    "product": "metabase",
    "vendor": "metabase",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.40.0, < 1.40.7"
      },
      {
        "status": "affected",
        "version": ">= 0.40.0, < 0.40.7"
      },
      {
        "status": "affected",
        "version": ">= 1.41.0, < 1.41.6"
      },
      {
        "status": "affected",
        "version": ">= 0.41.0, < 0.41.6"
      },
      {
        "status": "affected",
        "version": ">= 1.42.0, < 1.42.3"
      },
      {
        "status": "affected",
        "version": ">= 0.42.0, < 0.42.3"
      }
    ]
  }
]

Source	Link
github	www.github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m
secure77	www.secure77.de/metabase-ntlm-relay-attack/
qomplx	www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/

21 Nov 2024 06:51Current

5.5Medium risk

Vulners AI Score5.5

CVSS 22.6

CVSS 3.15.3 - 5.9

EPSS0.09729

SSVC

CWE-200