Lucene search
K

301 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.5 views

Metabase 1.52.x < 1.52.2.5

The version of Metabase installed on the remote host is 1.52.x prior to 1.52.2.5. It is, therefore, affected by a information disclosure vulnerability. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users...

4.8CVSS5.6AI score0.00411EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.4 views

Metabase < 0.29.3 XSS

The version of Metabase installed on the remote host is prior to 0.29.3. It is, therefore, affected by a Cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Note that Nessus has not tested for this issue but has instead...

6.1CVSS6.4AI score0.00842EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/09 12:0 a.m.4 views

Metabase 0.41.x < 0.41.9 / 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.41.x < 1.41.9 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5

The version of Metabase installed on the remote host is affected by multiple vulnerabilities: - a H2 Sample Database Remote Code Execution RCE, which can be abused by users able to write SQL queries on the H2 databases. Metabase fixed this issue to no longer allow DDL statements in H2 native...

8.8CVSS8.2AI score0.00967EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/11 8:19 p.m.6 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

7.5CVSS4.6AI score0.00514EPSS
Exploits1References1
NVD
NVD
added 2025/06/09 8:15 p.m.9 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

7.5CVSS0.00514EPSS
Exploits1References6
OSV
OSV
added 2025/06/09 8:15 p.m.6 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

7.5CVSS7.1AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/06/09 8:0 p.m.6 views

CVE-2025-5895 Metabase dom.js parseDataUri redos

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

5.3CVSS4.6AI score0.00514EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/06/09 8:0 p.m.18 views

CVE-2025-5895 Metabase dom.js parseDataUri redos

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

5.3CVSS0.00514EPSS
Exploits1References6
CVE
CVE
added 2025/06/09 8:0 p.m.55 views

CVE-2025-5895

Summary of CVE-2025-5895 (Metabase) : Multiple sources describe a vulnerability in Metabase 54.10 affecting the function parseDataUri in frontend/src/metabase/lib/dom.js. The issue is described as inefficient regular-expression complexity (a redos-like condition) that can be triggered remotely. P...

7.5CVSS7.1AI score0.00514EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.6 views

PT-2025-24558 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase version 54.10 Description: A problematic issue was found in the function parseDataUri of the file frontend/src/metabase/lib/dom.js. This issue leads to inefficient regular expression complexity and can be initiated remotely...

7.5CVSS4.4AI score0.00514EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.5 views

Metabase 安全漏洞

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase version 54.10, which stems from an inefficient regular expression complexity in the function parseDataUri...

7.5CVSS4.7AI score0.00514EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:22 a.m.7 views

CVE-2024-55951

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There ar...

4.8CVSS6.8AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.10 views

CVE-2023-32680

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

9.6CVSS7.2AI score0.00598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.6 views

CVE-2023-23629

Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...

6.3CVSS6.3AI score0.00378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.8 views

CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

9.8CVSS7.8AI score0.97924EPSS
Exploits36References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 a.m.10 views

CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...

6.5CVSS6.8AI score0.00656EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.7 views

CVE-2022-39360

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...

6.5CVSS6.9AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.13 views

CVE-2022-39359

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...

6.5CVSS6.7AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.17 views

CVE-2022-24853

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...

5.9CVSS7.1AI score0.02485EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.11 views

CVE-2022-39358

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...

6.5CVSS6.7AI score0.00439EPSS
Exploits0References1
Rows per page
Query Builder