Metabase 0.44.x < 0.44.7 / 0.45.x < 0.45.4 / 0.46.x < 0.46.3 / 1.44.x < 1.44.7 / 1.45.x < 1.45.4 / 1.46.x < 1.46.3

The version of Metabase installed on the remote host is affected by an access control vulnerability. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that...

CVE-2023-32680

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

PT-2023-23956 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.7 Metabase versions prior to 0.45.4 Metabase versions prior to 0.46.3 Metabase versions prior to 1.44.7 Metabase versions prior to 1.45.4 Metabase versions prior to 1.46.3 Description: Metabase is an open sourc...