4 matches found
CVE-2022-24853
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...
CVE-2022-24853 File system exposure in Metabase
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...
CVE-2022-24853 File system exposure in Metabase
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...
CVE-2022-24853
CVE-2022-24853 affects Metabase (GeoJSON support via a URL-loading proxy). The issue arises from a proxy that loads arbitrary URLs for JSON maps; while validation prevents returning arbitrary URL contents, a crafted request can trigger file access on Windows, enabling an NTLM relay attack and pot...