CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

CVE-2025-32382 Snowflake credentials logged by the Metabase backend

Metabase is an open source Business Intelligence and Embedded Analytics tool. When admins change Snowflake connection details in Metabase either updating a password or changing password to private key or vice versa, Metabase would not always purge older Snowflake connection details from the...

CVE-2025-32382

Metabase (open source) had a vulnerability where, when admins updated Snowflake connection details, older connection credentials could remain in the application database. Metabase would cycle connection methods and, upon a successful one, log the details including username and password, risking c...