5 matches found
EUVD-2022-41824
Malicious code in bioql PyPI...
Metabase 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5
The version of Metabase installed on the remote host is prior to 0.42.6, 0.43.7, 0.44.5, 1.42.6, 1.43.7, or 1.44.5. It is, therefore, affected by a parameter control vulnerability. A remote attacker can circumvent locked parameters when requesting data for a question in an embedded dashboard by...
CVE-2022-39358
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
Metabase Security Vulnerability
Metabase is an open source data analytics platform from the US-based Metabase, Inc. Metabase suffers from a security vulnerability that stems from the fact that when requesting data for a question in an embedded dashboard, it is possible to circumvent locked parameters by constructing a malicious...
CVE-2022-39358 Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...