- Description
- Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and 57.1.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- metabase
CVSS 4.0
- Type
- Secondary
- Base score
- 2.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-918
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F4A0D575-8CFF-4FFD-8139-C8AB9A2FBC08",
"versionEndExcluding": "0.55.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "40AAAF84-1F5E-4A75-84BA-A42A95AE1930",
"versionEndExcluding": "1.55.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*",
"matchCriteriaId": "38B54579-0285-4B58-A30F-1ECCAA9C6F40",
"versionEndExcluding": "0.56.3",
"versionStartIncluding": "0.56.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A939F298-EE96-4017-8322-192BA080F500",
"versionEndExcluding": "1.56.3",
"versionStartIncluding": "1.56.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:metabase:metabase:0.57.0:beta:*:*:-:*:*:*",
"matchCriteriaId": "6205A3AA-7DDB-4450-9340-61EACE075F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:metabase:metabase:1.57.0:beta:*:*:enterprise:*:*:*",
"matchCriteriaId": "F7765873-8C95-4AF8-A756-23C8AD7A1074",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]