Lucene search
K

4 matches found

NVD
NVD
added 2022/04/14 10:15 p.m.32 views

CVE-2022-24853

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...

5.9CVSS0.02485EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/04/14 9:45 p.m.29 views

CVE-2022-24853 File system exposure in Metabase

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...

5.9CVSS6.1AI score0.02485EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/04/14 9:45 p.m.11 views

CVE-2022-24853 File system exposure in Metabase

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...

5.9CVSS5.9AI score0.02485EPSS
Exploits1References3
CVE
CVE
added 2022/04/14 9:45 p.m.83 views

CVE-2022-24853

CVE-2022-24853 affects Metabase (GeoJSON support via a URL-loading proxy). The issue arises from a proxy that loads arbitrary URLs for JSON maps; while validation prevents returning arbitrary URL contents, a crafted request can trigger file access on Windows, enabling an NTLM relay attack and pot...

5.9CVSS5.5AI score0.02485EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder