Lucene search
PRIOn knowledge basePRION:CVE-2021-41277HistoryNov 17, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-11-1720:15:00
PRIOn knowledge base
www.prio-n.com
3
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (admin->settings->maps->custom maps->add a map) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If youΓ’β¬β’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
Related
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase
2022-03-11 06:39:38
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase
2021-11-24 05:56:46
Exploit for Improper Input Validation in Metabase
2022-01-10 01:52:10
cvelist
cvelist
nvd
nvd
CVE-2021-41277
2021-11-17 20:15:10
cve
cve
CVE-2021-41277
2021-11-17 20:15:10
cnvd
cnvd
Metabase Information Disclosure Vulnerability
2021-11-22 00:00:00
nuclei
nuclei
Metabase - Local File Inclusion
2021-11-20 06:55:50
osv
osv
CVE-2021-41277
2021-11-17 20:15:10
nessus
nessus
Metabase LFI (CVE-2021-41277)
2022-07-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Metabase GeoJSON Map Information Disclosure (CVE-2021-41277)
2022-03-29 00:00:00