3 matches found
CVE-2022-24854
Summary of CVE-2022-24854 (Metabase) : Metabase uses SQLite with an FDW-like feature called ATTACH DATABASE. If an attacker has SQL permissions on at least one SQLite database, they can attach that database to a second one and query across all attached tables. Exploitation requires knowledge of t...
CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
CVE-2022-24854 Database bypassing any permissions in Metabase via SQlite attach
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...