3 matches found
CVE-2022-39359
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...
Metabase SSRF (CVE-2022-39359)
The version of Metabase installed on the remote host is 0.41.9, 0.42.6, 0.43.7, 0.44.5, 1.41.9, 1.42.6, 1.43.7 or 1.44.5. It is, therefore, affected by a server side request forgery vulnerability exists in Metabase due to a feature in the /api/geojson endpoint of Metabase which will make a web...
CVE-2022-39359
Metabase’s CVE-2022-39359 is a server-side request forgery-like flaw tied to the /api/geojson feature: prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, a custom GeoJSON map URL could follow redirects to disallowed addresses (e.g., link-local or private network...