CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39358

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.2%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2022-39358

Metabase » Metabase » Version: 0.42.0

cpe:2.3:a:metabase:metabase:0.42.0
Metabase » Metabase » Version: 0.42.1

cpe:2.3:a:metabase:metabase:0.42.1
Metabase » Metabase » Version: 0.42.2

cpe:2.3:a:metabase:metabase:0.42.2
Metabase » Metabase » Version: 0.42.3

cpe:2.3:a:metabase:metabase:0.42.3
Metabase » Metabase » Version: 0.42.4

cpe:2.3:a:metabase:metabase:0.42.4
Metabase » Metabase » Version: 0.42.4.1

cpe:2.3:a:metabase:metabase:0.42.4.1
Metabase » Metabase » Version: 0.42.5

cpe:2.3:a:metabase:metabase:0.42.5
Metabase » Metabase » Version: 0.43.0

cpe:2.3:a:metabase:metabase:0.43.0
Metabase » Metabase » Version: 0.43.1

cpe:2.3:a:metabase:metabase:0.43.1
Metabase » Metabase » Version: 0.43.2

cpe:2.3:a:metabase:metabase:0.43.2
Metabase » Metabase » Version: 0.43.3

cpe:2.3:a:metabase:metabase:0.43.3
Metabase » Metabase » Version: 0.43.4

cpe:2.3:a:metabase:metabase:0.43.4
Metabase » Metabase » Version: 0.43.4.1

cpe:2.3:a:metabase:metabase:0.43.4.1
Metabase » Metabase » Version: 0.43.4.2

cpe:2.3:a:metabase:metabase:0.43.4.2
Metabase » Metabase » Version: 0.43.5

cpe:2.3:a:metabase:metabase:0.43.5
Metabase » Metabase » Version: 0.43.6

cpe:2.3:a:metabase:metabase:0.43.6
Metabase » Metabase » Version: 0.44.0

cpe:2.3:a:metabase:metabase:0.44.0
Metabase » Metabase » Version: 0.44.1

cpe:2.3:a:metabase:metabase:0.44.1
Metabase » Metabase » Version: 0.44.2

cpe:2.3:a:metabase:metabase:0.44.2
Metabase » Metabase » Version: 0.44.3

cpe:2.3:a:metabase:metabase:0.44.3
Metabase » Metabase » Version: 0.44.4

cpe:2.3:a:metabase:metabase:0.44.4
Metabase » Metabase » Version: 1.42.0

cpe:2.3:a:metabase:metabase:1.42.0
Metabase » Metabase » Version: 1.42.1

cpe:2.3:a:metabase:metabase:1.42.1
Metabase » Metabase » Version: 1.42.2

cpe:2.3:a:metabase:metabase:1.42.2
Metabase » Metabase » Version: 1.42.3

cpe:2.3:a:metabase:metabase:1.42.3
Metabase » Metabase » Version: 1.42.4

cpe:2.3:a:metabase:metabase:1.42.4
Metabase » Metabase » Version: 1.42.4.1

cpe:2.3:a:metabase:metabase:1.42.4.1
Metabase » Metabase » Version: 1.42.5

cpe:2.3:a:metabase:metabase:1.42.5
Metabase » Metabase » Version: 1.43.0

cpe:2.3:a:metabase:metabase:1.43.0
Metabase » Metabase » Version: 1.43.1

cpe:2.3:a:metabase:metabase:1.43.1
Metabase » Metabase » Version: 1.43.2

cpe:2.3:a:metabase:metabase:1.43.2
Metabase » Metabase » Version: 1.43.3

cpe:2.3:a:metabase:metabase:1.43.3
Metabase » Metabase » Version: 1.43.4

cpe:2.3:a:metabase:metabase:1.43.4
Metabase » Metabase » Version: 1.43.4.1

cpe:2.3:a:metabase:metabase:1.43.4.1
Metabase » Metabase » Version: 1.43.4.2

cpe:2.3:a:metabase:metabase:1.43.4.2
Metabase » Metabase » Version: 1.43.5

cpe:2.3:a:metabase:metabase:1.43.5
Metabase » Metabase » Version: 1.43.6

cpe:2.3:a:metabase:metabase:1.43.6
Metabase » Metabase » Version: 1.44.0

cpe:2.3:a:metabase:metabase:1.44.0
Metabase » Metabase » Version: 1.44.1

cpe:2.3:a:metabase:metabase:1.44.1
Metabase » Metabase » Version: 1.44.2

cpe:2.3:a:metabase:metabase:1.44.2
Metabase » Metabase » Version: 1.44.3

cpe:2.3:a:metabase:metabase:1.44.3
Metabase » Metabase » Version: 1.44.4

cpe:2.3:a:metabase:metabase:1.44.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39358

Products

Pricing

Contact Us