- Description
- Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could be an attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. The native editor now shows the query and gives the user the option to run it manually.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCD50540-E323-41CE-9D9C-EDA8CB718E42",
            "versionEndExcluding": "0.41.9",
            "versionStartIncluding": "0.41.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF01C7BF-CB4C-4990-9082-587CFD555225",
            "versionEndExcluding": "0.42.6",
            "versionStartIncluding": "0.42.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8858058E-C597-4752-8625-9B279DC65A48",
            "versionEndExcluding": "0.43.7",
            "versionStartIncluding": "0.43.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A94F7EA-BC18-4013-9A93-7962226FDD98",
            "versionEndExcluding": "0.44.5",
            "versionStartIncluding": "0.44.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "804B84E1-5D1A-4251-9829-65F5FD927D99",
            "versionEndExcluding": "1.41.9",
            "versionStartIncluding": "1.41.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73310924-8CD4-4696-89B9-EED3390375A6",
            "versionEndExcluding": "1.42.6",
            "versionStartIncluding": "1.42.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A86AA0C8-2C4F-4DDD-8371-6B43611E2479",
            "versionEndExcluding": "1.43.7",
            "versionStartIncluding": "1.43.0"
          },
          {
            "criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF7A60F6-5062-4094-91A5-71445F9B7BC1",
            "versionEndExcluding": "1.44.5",
            "versionStartIncluding": "1.44.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]