160 matches found
CVE-2023-23629 Metabase subject to Improper Privilege Management
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...
CVE-2023-23629
Metabase (open-source analytics platform) is affected by CVE-2023-23629 due to Improper Privilege Management in dashboard subscriptions. The issue allows a user with higher data privileges to create a subscription and add recipients, who then receive data exposed according to the creator’s privil...
CVE-2023-23628
Metabase information disclosure CVE-2023-23628 affects sandboxed users who view dashboard subscription settings and can see the recipients list when another user added recipients. Root cause is an exposure of user data to unauthorized actors within the application. Impact is restricted to viewing...
CVE-2023-23628 Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the...
Metabase 信息泄露漏洞
Metabase is an open source data analytics platform from Metabase Inc. Metabase is vulnerable to an information disclosure vulnerability that stems from exposing sensitive information to an unauthorized user. No details of the vulnerability are currently available...
Metabase 安全漏洞
Metabase is an open source data analytics platform from the US-based Metabase Inc. Metabase has a security vulnerability that stems from incorrect privilege management...
The Four-Step Approach to Modernizing Your DAM Strategy
Effective data security is critical to an organizations success and requires a strategy that aligns with the company’s objectives and those of its stakeholders. As the data landscape changes, most Database Activity Monitoring DAM solutions struggle to meet new data security requirements. The resu...
Set admin emit event with wrong data
Lines of code Vulnerability details Impact emit AdminUpdatedadmin, newAdmin; will emit AdminUpdated with same values. Proof of Concept Tools Used Code analytics Recommended Mitigation Steps store address of admin before --- The text was updated successfully, but these errors were encountered: All...
The Role of the Cybersecurity Leader in 2022
Who does the modern CISO need to be? According to the 2021 Gartner, Inc. Market Guide for Managed Detection and Response Services, the role of the chief information security officer CISO has to change in 2022 to combat the ever-evolving modern threat landscape. Eighty-eight percent of company...
WSO2 Management Console Cross Site Scripting
Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...
CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...
Cross site scripting
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...
CVE-2022-29548
CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...
PT-2022-2550 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 through 4.0.0 WSO2 API Manager Analytics versions 2.2.0 through 2.6.0 WSO2 API Microgateway version 2.2.0 WSO2 Data Analytics Server version 3.2.0 WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0 WSO2 IS...
Wazuh Offers XDR Functionality at a Price Enterprises Will Love — Free!
Back in 2018, Palo Alto Networks CTO and co-founder Nir Zuk coined a new term to describe the way that businesses needed to approach cybersecurity in the years to come. That term, of course, was extended detection and response XDR. It described a unified cybersecurity infrastructure that brought...
How Wazuh Can Improve Digital Security for Businesses
2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces o...
IBM Security Guardium Insights输入验证错误漏洞
IBM Security Guardium Insights is a data security solution from IBM Corporation. The product supports data analytics, threat alerts, data security auditing and local data monitoring. IBM Security Guardium Insights has an input validation error vulnerability in v3.0, which stems from the fact that...
How Data Analytics and AI Solve the Toughest Global Problems
By Waqas Can technologies combining data analytics and artificial intelligence save the world from its growing problems? This is a post from HackRead.com Read the original post: How Data Analytics and AI Solve the Toughest Global Problems...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase
CVE-2021-41277 PoC Metabase is an open source data analytics...
CVE-2021-41277
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not validated prior to being...