CVE-2022-24854

🗓️ 14 Apr 2022 21:40:11Reported by GitHub_MType

CVE-2022-24854: Metabase SQLite FDW-like feature allows unauthorized database connections

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2022-24854	15 Apr 202202:19	–	circl
CNNVD	Metabase 安全漏洞	14 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach	14 Apr 202221:40	–	cvelist
EUVD	EUVD-2022-29634	3 Oct 202520:07	–	euvd
Tenable Nessus	Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4	9 Sep 202500:00	–	nessus
NVD	CVE-2022-24854	14 Apr 202222:15	–	nvd
OSV	CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach	14 Apr 202221:40	–	osv
Prion	Design/Logic Flaw	14 Apr 202222:15	–	prion
RedhatCVE	CVE-2022-24854	5 Feb 202521:53	–	redhatcve
SQLite	SQLite report about CVE-2022-24854	1 Jan 202200:00	–	sqlite

NVD

Vulners

Node

metabase metabaseRange0.41.0–0.41.7

metabase metabaseRange0.42.0–0.42.4

metabase metabaseRange1.41.0–1.41.7

metabase metabaseRange1.42.0–1.42.4

[
  {
    "product": "metabase",
    "vendor": "metabase",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.41.0, < 1.41.7"
      },
      {
        "status": "affected",
        "version": ">= 0.41.0, < 0.41.7"
      },
      {
        "status": "affected",
        "version": ">= 1.42.0, < 1.42.4"
      },
      {
        "status": "affected",
        "version": ">= 0.42.0, < 0.42.4"
      }
    ]
  }
]

Source	Link
sqlite	www.sqlite.org/lang_attach.html
github	www.github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329

21 Nov 2024 06:51Current

8.5High risk

Vulners AI Score8.5

CVSS 26.5

CVSS 3.18 - 8.8

EPSS0.00291

SSVC

CWE-610