Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4

#%NASL_MIN_LEVEL 80900
##
# Tenable, Inc.
## 
include('compat.inc');

if (description)
{
  script_id(261767);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/09");

  script_name(english:"Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4");
  script_cve_id("CVE-2022-24855");
  script_cwe_id("CWE-79"); 

  script_set_attribute(attribute:"synopsis", value:
  "The remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
  "The version of Metabase installed on the remote host is prior to 1.42.4. It is, therefore, affected by a
  Metabase is an open source business intelligence and analytics application. In affected versions Metabase
ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS)
attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover.
Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints
for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7,
0.40.8 and 1.40.8.

  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://github.com/metabase/metabase/security/advisories/GHSA-wjw6-wm9w-7ggr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53974218");
  script_set_attribute(attribute:"see_also", value:"https://github.com/metabase/metabase/releases/tag/v0.42.4");
  script_set_attribute(attribute:"solution", value:
  "Upgrade to Metabase version 1.42.4 or later.");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:metabase:metabase");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24855");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_dependencies("metabase_detect.nbin");
  script_require_keys("installed_sw/Metabase");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Metabase');

var constraints = [
    { 'min_version':'0.40.0', 'fixed_version':'0.40.8' },
    { 'min_version':'0.41.0', 'fixed_version':'0.41.7' },
    { 'min_version':'0.42.0', 'fixed_version':'0.42.4' },
    { 'min_version':'1.40.0', 'fixed_version':'1.40.8' },
    { 'min_version':'1.41.0', 'fixed_version':'1.41.7' },
    { 'min_version':'1.42.0', 'fixed_version':'1.42.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags: {'xss':TRUE});