CVE-2022-24855

🗓️ 14 Apr 2022 21:35:11Reported by GitHub_MType

Metabase 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8 allows XSS

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2022-24855	15 Apr 202202:19	–	circl
CNNVD	Metabase 跨站脚本漏洞	14 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	cvelist
EUVD	EUVD-2022-29635	3 Oct 202520:07	–	euvd
Tenable Nessus	Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4	9 Sep 202500:00	–	nessus
NVD	CVE-2022-24855	14 Apr 202222:15	–	nvd
OSV	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	osv
Prion	Cross site scripting	14 Apr 202222:15	–	prion
RedhatCVE	CVE-2022-24855	5 Feb 202521:48	–	redhatcve
Vulnrichment	CVE-2022-24855 XSS vulnerability in Metabase	14 Apr 202221:35	–	vulnrichment

NVD

Vulners

Node

metabase metabaseRange0.40.0–0.40.8

metabase metabaseRange0.41.0–0.41.7

metabase metabaseRange0.42.0–0.42.4

metabase metabaseRange1.40.0–1.40.8

metabase metabaseRange1.41.0–1.41.7

metabase metabaseRange1.42.0–1.42.4

[
  {
    "product": "metabase",
    "vendor": "metabase",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.40.0, < 1.40.8"
      },
      {
        "status": "affected",
        "version": ">= 0.40.0, < 0.40.8"
      },
      {
        "status": "affected",
        "version": ">= 1.41.0, < 1.41.7"
      },
      {
        "status": "affected",
        "version": ">= 0.41.0, < 0.41.7"
      },
      {
        "status": "affected",
        "version": ">= 1.42.0, < 1.42.4"
      },
      {
        "status": "affected",
        "version": ">= 0.42.0, < 0.42.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/metabase/metabase/releases/tag/v0.42.4
github	www.github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr

21 Nov 2024 06:51Current

5.7Medium risk

Vulners AI Score5.7

CVSS 23.5

CVSS 3.15.4 - 8.7

EPSS0.0042

SSVC

CWE-79