Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
Vulnerability Description
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Metabase 安全漏洞
Vulnerability Description
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 存在安全漏洞,该漏洞源于在嵌入式仪表板中为问题请求数据时,可以通过构建对后端的恶意请求来规避锁定的参数。
CVSS Information
N/A
Vulnerability Type
N/A