301 matches found
CVE-2025-32382
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
CVE-2025-32382
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
CVE-2025-32382 Snowflake credentials logged by the Metabase backend
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
CVE-2025-32382 Snowflake credentials logged by the Metabase backend
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
CVE-2025-32382
Metabase (open source) had a vulnerability where, when admins updated Snowflake connection details, older connection credentials could remain in the application database. Metabase would cycle connection methods and, upon a successful one, log the details including username and password, risking c...
CVE-2025-32382 Snowflake credentials logged by the Metabase backend
Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...
Metabase 日志信息泄露漏洞
Metabase is an open source data analytics platform from US-based Metabase, Inc. A log information disclosure vulnerability exists in Metabase that stems from not properly clearing old connection information, leading to username and password disclosure...
CVE-2025-30371
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...
CVE-2025-30371
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...
CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...
CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...
CVE-2025-30371
CVE-2025-30371 affects Metabase (self-hosted) prior to versions v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. The issue is a circumvention of local link access protection in the GeoJson endpoint, potentially impacting deployments where Metabase is colocated with other unsecured resources. Remedia...
CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...
Metabase 后置链接漏洞
Metabase is an open source data analytics platform from the US-based Metabase, Inc. A backlink vulnerability exists in Metabase versions prior to v0.52.16.4, prior to v1.52.16.4, prior to v0.53.8, and prior to v1.53.8, which stems from a bypass of the GeoJson endpoint local link access protection...
CVE-2025-27141
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2025-27141
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
CVE-2025-27141
Metabase Enterprise Edition is affected by CVE-2025-27141: impersonation-enabled users can view cached question results that may contain data they should not access. Affected versions include 1.47.0 up to 1.50.35, 1.51.0 up to 1.51.13, 1.52.0 up to 1.52.10, and 1.53.x prior to the patched builds....
CVE-2025-27141 Metabase Enterprise Edition allows cached questions to leak data to impersonated users
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see resul...
Metabase 安全漏洞
Metabase is an open source data analytics platform from the US-based Metabase Inc. A security vulnerability exists in Metabase Enterprise Edition. An attacker exploiting the vulnerability could view data that should not be accessible. The following versions are affected: version 1.47.0 through...