Lucene search
GoogleOSV:CVE-2022-39358HistoryOct 26, 2022 - 7:15 p.m.
CVE-2022-39358
2022-10-2619:15:10
Google
osv.dev
3
metabase
data visualization
locked parameters
embedded dashboard
malicious request
backend
patched
security issue
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6.
Related
cve
cve
CVE-2022-39358
2022-10-26 19:15:10
nvd
nvd
CVE-2022-39358
2022-10-26 19:15:10
prion
prion
Design/Logic Flaw
2022-10-26 19:15:00
cvelist
cvelist