EUVD-2023-36920

Malicious code in bioql PyPI...

Metabase 0.44.x < 0.44.7 / 0.45.x < 0.45.4 / 0.46.x < 0.46.3 / 1.44.x < 1.44.7 / 1.45.x < 1.45.4 / 1.46.x < 1.46.3

The version of Metabase installed on the remote host is affected by an access control vulnerability. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that...

CVE-2023-32680

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

CVE-2023-32680

CVE-2023-32680 – Metabase : The vulnerability arises from a missing enforcement of the requirement that users editing SQL snippets must belong to a group with native query editing permissions. Affected Metabase versions allowed anyone, including sandboxed users, to edit SQL snippets via API or UI...

PT-2023-23956 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.7 Metabase versions prior to 0.45.4 Metabase versions prior to 0.46.3 Metabase versions prior to 1.44.7 Metabase versions prior to 1.45.4 Metabase versions prior to 1.46.3 Description: Metabase is an open sourc...