3 matches found
CVE-2022-39358
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
CVE-2022-39358 Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
CVE-2022-39358
Metabase is vulnerable to a parameter-control bypass in embedded dashboards: a remote attacker can craft a malicious request to the backend to circumvent locked parameters when requesting data for a question. The issue affects Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and...