5 matches found
CVE-2022-39360
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...
CVE-2022-39360
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...
CVE-2022-39360
Metabase SSO password-reset flaw allows bypassing IdP for specific older releases. Affected versions include Metabase before 0.44.5/1.44.5, 0.43.7/1.43.7, 0.42.6/1.42.6, and 0.41.9/1.41.9. The root cause enables SSO users to reset passwords without going through the SSO IdP, potentially granting ...
CVE-2022-39360 Metabase SSO users able to circumvent IdP login by doing password reset
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...
CVE-2022-39360 Metabase SSO users able to circumvent IdP login by doing password reset
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...