Lucene search
K

301 matches found

RedhatCVE
RedhatCVE
added 2025/04/12 2:51 p.m.31 views

CVE-2025-32382

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS6.9AI score0.00337EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 3:16 p.m.17 views

CVE-2025-32382

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/10 2:40 p.m.19 views

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/10 2:40 p.m.18 views

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS6.9AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 2:40 p.m.78 views

CVE-2025-32382

Metabase (open source) had a vulnerability where, when admins updated Snowflake connection details, older connection credentials could remain in the application database. Metabase would cycle connection methods and, upon a successful one, log the details including username and password, risking c...

1.8CVSS6.5AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2025/04/10 2:40 p.m.4 views

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

1.8CVSS6.9AI score0.00337EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.3 views

Metabase 日志信息泄露漏洞

Metabase is an open source data analytics platform from US-based Metabase, Inc. A log information disclosure vulnerability exists in Metabase that stems from not properly clearing old connection information, leading to username and password disclosure...

1.8CVSS6.3AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/30 3:32 p.m.20 views

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

2.1CVSS6.9AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2025/03/28 3:15 p.m.16 views

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

2.1CVSS0.00395EPSS
Exploits0References1
OSV
OSV
added 2025/03/28 2:47 p.m.4 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

2.1CVSS6.5AI score0.00395EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/28 2:47 p.m.17 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

2.1CVSS6.8AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2025/03/28 2:47 p.m.111 views

CVE-2025-30371

CVE-2025-30371 affects Metabase (self-hosted) prior to versions v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. The issue is a circumvention of local link access protection in the GeoJson endpoint, potentially impacting deployments where Metabase is colocated with other unsecured resources. Remedia...

2.1CVSS6.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 2:47 p.m.25 views

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

2.1CVSS0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.3 views

Metabase 后置链接漏洞

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A backlink vulnerability exists in Metabase versions prior to v0.52.16.4, prior to v1.52.16.4, prior to v0.53.8, and prior to v1.53.8, which stems from a bypass of the GeoJson endpoint local link access protection...

2.1CVSS6.5AI score0.00395EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/26 10:18 p.m.18 views

CVE-2025-27141

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...

6.5CVSS6.6AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2025/02/24 10:15 p.m.16 views

CVE-2025-27141

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...

6.5CVSS0.00336EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/24 10:5 p.m.19 views

CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...

4.8CVSS6.3AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2025/02/24 10:5 p.m.98 views

CVE-2025-27141

Metabase Enterprise Edition is affected by CVE-2025-27141: impersonation-enabled users can view cached question results that may contain data they should not access. Affected versions include 1.47.0 up to 1.50.35, 1.51.0 up to 1.51.13, 1.52.0 up to 1.52.10, and 1.53.x prior to the patched builds....

6.5CVSS6.9AI score0.00336EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/02/24 10:5 p.m.24 views

CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users

Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...

4.8CVSS0.00336EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.6 views

Metabase 安全漏洞

Metabase is an open source data analytics platform from the US-based Metabase Inc. A security vulnerability exists in Metabase Enterprise Edition. An attacker exploiting the vulnerability could view data that should not be accessible. The following versions are affected: version 1.47.0 through...

6.5CVSS6.5AI score0.00336EPSS
Exploits0References4
Rows per page
Query Builder