CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43776

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.4%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2022-43776

Metabase » Metabase » Version: 0.10.0

cpe:2.3:a:metabase:metabase:0.10.0
Metabase » Metabase » Version: 0.10.3

cpe:2.3:a:metabase:metabase:0.10.3
Metabase » Metabase » Version: 0.10.4

cpe:2.3:a:metabase:metabase:0.10.4
Metabase » Metabase » Version: 0.10.4.1

cpe:2.3:a:metabase:metabase:0.10.4.1
Metabase » Metabase » Version: 0.11.0

cpe:2.3:a:metabase:metabase:0.11.0
Metabase » Metabase » Version: 0.11.1

cpe:2.3:a:metabase:metabase:0.11.1
Metabase » Metabase » Version: 0.11.2

cpe:2.3:a:metabase:metabase:0.11.2
Metabase » Metabase » Version: 0.11.3

cpe:2.3:a:metabase:metabase:0.11.3
Metabase » Metabase » Version: 0.12.0

cpe:2.3:a:metabase:metabase:0.12.0
Metabase » Metabase » Version: 0.12.1

cpe:2.3:a:metabase:metabase:0.12.1
Metabase » Metabase » Version: 0.13.0

cpe:2.3:a:metabase:metabase:0.13.0
Metabase » Metabase » Version: 0.13.1

cpe:2.3:a:metabase:metabase:0.13.1
Metabase » Metabase » Version: 0.13.2

cpe:2.3:a:metabase:metabase:0.13.2
Metabase » Metabase » Version: 0.13.3

cpe:2.3:a:metabase:metabase:0.13.3
Metabase » Metabase » Version: 0.14.0

cpe:2.3:a:metabase:metabase:0.14.0
Metabase » Metabase » Version: 0.14.1

cpe:2.3:a:metabase:metabase:0.14.1
Metabase » Metabase » Version: 0.15.0

cpe:2.3:a:metabase:metabase:0.15.0
Metabase » Metabase » Version: 0.15.1

cpe:2.3:a:metabase:metabase:0.15.1
Metabase » Metabase » Version: 0.16.0

cpe:2.3:a:metabase:metabase:0.16.0
Metabase » Metabase » Version: 0.16.1

cpe:2.3:a:metabase:metabase:0.16.1
Metabase » Metabase » Version: 0.17.0

cpe:2.3:a:metabase:metabase:0.17.0
Metabase » Metabase » Version: 0.17.1

cpe:2.3:a:metabase:metabase:0.17.1
Metabase » Metabase » Version: 0.18.0

cpe:2.3:a:metabase:metabase:0.18.0
Metabase » Metabase » Version: 0.18.1

cpe:2.3:a:metabase:metabase:0.18.1
Metabase » Metabase » Version: 0.19.0

cpe:2.3:a:metabase:metabase:0.19.0
Metabase » Metabase » Version: 0.19.1

cpe:2.3:a:metabase:metabase:0.19.1
Metabase » Metabase » Version: 0.19.2

cpe:2.3:a:metabase:metabase:0.19.2
Metabase » Metabase » Version: 0.19.3

cpe:2.3:a:metabase:metabase:0.19.3
Metabase » Metabase » Version: 0.20.0

cpe:2.3:a:metabase:metabase:0.20.0
Metabase » Metabase » Version: 0.20.1

cpe:2.3:a:metabase:metabase:0.20.1
Metabase » Metabase » Version: 0.20.2

cpe:2.3:a:metabase:metabase:0.20.2
Metabase » Metabase » Version: 0.20.3

cpe:2.3:a:metabase:metabase:0.20.3
Metabase » Metabase » Version: 0.21.0

cpe:2.3:a:metabase:metabase:0.21.0
Metabase » Metabase » Version: 0.21.1

cpe:2.3:a:metabase:metabase:0.21.1
Metabase » Metabase » Version: 0.22.0

cpe:2.3:a:metabase:metabase:0.22.0
Metabase » Metabase » Version: 0.22.1

cpe:2.3:a:metabase:metabase:0.22.1
Metabase » Metabase » Version: 0.22.2

cpe:2.3:a:metabase:metabase:0.22.2
Metabase » Metabase » Version: 0.23.0

cpe:2.3:a:metabase:metabase:0.23.0
Metabase » Metabase » Version: 0.23.1

cpe:2.3:a:metabase:metabase:0.23.1
Metabase » Metabase » Version: 0.24.0

cpe:2.3:a:metabase:metabase:0.24.0
Metabase » Metabase » Version: 0.24.1

cpe:2.3:a:metabase:metabase:0.24.1
Metabase » Metabase » Version: 0.24.2

cpe:2.3:a:metabase:metabase:0.24.2
Metabase » Metabase » Version: 0.25.0

cpe:2.3:a:metabase:metabase:0.25.0
Metabase » Metabase » Version: 0.25.1

cpe:2.3:a:metabase:metabase:0.25.1
Metabase » Metabase » Version: 0.25.2

cpe:2.3:a:metabase:metabase:0.25.2
Metabase » Metabase » Version: 0.26.0

cpe:2.3:a:metabase:metabase:0.26.0
Metabase » Metabase » Version: 0.26.1

cpe:2.3:a:metabase:metabase:0.26.1
Metabase » Metabase » Version: 0.26.2

cpe:2.3:a:metabase:metabase:0.26.2
Metabase » Metabase » Version: 0.27.0

cpe:2.3:a:metabase:metabase:0.27.0
Metabase » Metabase » Version: 0.27.1

cpe:2.3:a:metabase:metabase:0.27.1
Metabase » Metabase » Version: 0.27.2

cpe:2.3:a:metabase:metabase:0.27.2
Metabase » Metabase » Version: 0.28.0

cpe:2.3:a:metabase:metabase:0.28.0
Metabase » Metabase » Version: 0.28.1

cpe:2.3:a:metabase:metabase:0.28.1
Metabase » Metabase » Version: 0.28.2

cpe:2.3:a:metabase:metabase:0.28.2
Metabase » Metabase » Version: 0.28.3

cpe:2.3:a:metabase:metabase:0.28.3
Metabase » Metabase » Version: 0.28.4

cpe:2.3:a:metabase:metabase:0.28.4
Metabase » Metabase » Version: 0.28.5

cpe:2.3:a:metabase:metabase:0.28.5
Metabase » Metabase » Version: 0.28.6

cpe:2.3:a:metabase:metabase:0.28.6
Metabase » Metabase » Version: 0.29.0

cpe:2.3:a:metabase:metabase:0.29.0
Metabase » Metabase » Version: 0.29.1

cpe:2.3:a:metabase:metabase:0.29.1
Metabase » Metabase » Version: 0.29.2

cpe:2.3:a:metabase:metabase:0.29.2
Metabase » Metabase » Version: 0.29.3

cpe:2.3:a:metabase:metabase:0.29.3
Metabase » Metabase » Version: 0.30.0

cpe:2.3:a:metabase:metabase:0.30.0
Metabase » Metabase » Version: 0.30.1

cpe:2.3:a:metabase:metabase:0.30.1
Metabase » Metabase » Version: 0.30.2

cpe:2.3:a:metabase:metabase:0.30.2
Metabase » Metabase » Version: 0.30.3

cpe:2.3:a:metabase:metabase:0.30.3
Metabase » Metabase » Version: 0.30.4

cpe:2.3:a:metabase:metabase:0.30.4
Metabase » Metabase » Version: 0.31.0

cpe:2.3:a:metabase:metabase:0.31.0
Metabase » Metabase » Version: 0.31.1

cpe:2.3:a:metabase:metabase:0.31.1
Metabase » Metabase » Version: 0.31.2

cpe:2.3:a:metabase:metabase:0.31.2
Metabase » Metabase » Version: 0.31.3

cpe:2.3:a:metabase:metabase:0.31.3
Metabase » Metabase » Version: 0.32.0

cpe:2.3:a:metabase:metabase:0.32.0
Metabase » Metabase » Version: 0.32.1

cpe:2.3:a:metabase:metabase:0.32.1
Metabase » Metabase » Version: 0.32.10

cpe:2.3:a:metabase:metabase:0.32.10
Metabase » Metabase » Version: 0.32.2

cpe:2.3:a:metabase:metabase:0.32.2
Metabase » Metabase » Version: 0.32.3

cpe:2.3:a:metabase:metabase:0.32.3
Metabase » Metabase » Version: 0.32.4

cpe:2.3:a:metabase:metabase:0.32.4
Metabase » Metabase » Version: 0.32.5

cpe:2.3:a:metabase:metabase:0.32.5
Metabase » Metabase » Version: 0.32.6

cpe:2.3:a:metabase:metabase:0.32.6
Metabase » Metabase » Version: 0.32.7

cpe:2.3:a:metabase:metabase:0.32.7
Metabase » Metabase » Version: 0.32.8

cpe:2.3:a:metabase:metabase:0.32.8
Metabase » Metabase » Version: 0.32.9

cpe:2.3:a:metabase:metabase:0.32.9
Metabase » Metabase » Version: 0.33.0

cpe:2.3:a:metabase:metabase:0.33.0
Metabase » Metabase » Version: 0.33.1

cpe:2.3:a:metabase:metabase:0.33.1
Metabase » Metabase » Version: 0.33.2

cpe:2.3:a:metabase:metabase:0.33.2
Metabase » Metabase » Version: 0.33.3

cpe:2.3:a:metabase:metabase:0.33.3
Metabase » Metabase » Version: 0.33.4

cpe:2.3:a:metabase:metabase:0.33.4
Metabase » Metabase » Version: 0.33.5

cpe:2.3:a:metabase:metabase:0.33.5
Metabase » Metabase » Version: 0.33.5.1

cpe:2.3:a:metabase:metabase:0.33.5.1
Metabase » Metabase » Version: 0.33.6

cpe:2.3:a:metabase:metabase:0.33.6
Metabase » Metabase » Version: 0.33.7

cpe:2.3:a:metabase:metabase:0.33.7
Metabase » Metabase » Version: 0.33.7.1

cpe:2.3:a:metabase:metabase:0.33.7.1
Metabase » Metabase » Version: 0.33.7.2

cpe:2.3:a:metabase:metabase:0.33.7.2
Metabase » Metabase » Version: 0.33.7.3

cpe:2.3:a:metabase:metabase:0.33.7.3
Metabase » Metabase » Version: 0.34.0

cpe:2.3:a:metabase:metabase:0.34.0
Metabase » Metabase » Version: 0.34.1

cpe:2.3:a:metabase:metabase:0.34.1
Metabase » Metabase » Version: 0.34.2

cpe:2.3:a:metabase:metabase:0.34.2
Metabase » Metabase » Version: 0.34.3

cpe:2.3:a:metabase:metabase:0.34.3
Metabase » Metabase » Version: 0.35.0

cpe:2.3:a:metabase:metabase:0.35.0
Metabase » Metabase » Version: 0.35.1

cpe:2.3:a:metabase:metabase:0.35.1
Metabase » Metabase » Version: 0.35.2

cpe:2.3:a:metabase:metabase:0.35.2
Metabase » Metabase » Version: 0.35.3

cpe:2.3:a:metabase:metabase:0.35.3
Metabase » Metabase » Version: 0.35.4

cpe:2.3:a:metabase:metabase:0.35.4
Metabase » Metabase » Version: 0.35.6

cpe:2.3:a:metabase:metabase:0.35.6
Metabase » Metabase » Version: 0.36.0

cpe:2.3:a:metabase:metabase:0.36.0
Metabase » Metabase » Version: 0.36.1

cpe:2.3:a:metabase:metabase:0.36.1
Metabase » Metabase » Version: 0.36.10

cpe:2.3:a:metabase:metabase:0.36.10
Metabase » Metabase » Version: 0.36.11

cpe:2.3:a:metabase:metabase:0.36.11
Metabase » Metabase » Version: 0.36.12

cpe:2.3:a:metabase:metabase:0.36.12
Metabase » Metabase » Version: 0.36.2

cpe:2.3:a:metabase:metabase:0.36.2
Metabase » Metabase » Version: 0.36.3

cpe:2.3:a:metabase:metabase:0.36.3
Metabase » Metabase » Version: 0.36.4

cpe:2.3:a:metabase:metabase:0.36.4
Metabase » Metabase » Version: 0.36.5

cpe:2.3:a:metabase:metabase:0.36.5
Metabase » Metabase » Version: 0.36.5.1

cpe:2.3:a:metabase:metabase:0.36.5.1
Metabase » Metabase » Version: 0.36.6

cpe:2.3:a:metabase:metabase:0.36.6
Metabase » Metabase » Version: 0.36.7

cpe:2.3:a:metabase:metabase:0.36.7
Metabase » Metabase » Version: 0.36.8

cpe:2.3:a:metabase:metabase:0.36.8
Metabase » Metabase » Version: 0.36.8.1

cpe:2.3:a:metabase:metabase:0.36.8.1
Metabase » Metabase » Version: 0.36.8.2

cpe:2.3:a:metabase:metabase:0.36.8.2
Metabase » Metabase » Version: 0.37.0

cpe:2.3:a:metabase:metabase:0.37.0
Metabase » Metabase » Version: 0.37.0.1

cpe:2.3:a:metabase:metabase:0.37.0.1
Metabase » Metabase » Version: 0.37.0.2

cpe:2.3:a:metabase:metabase:0.37.0.2
Metabase » Metabase » Version: 0.37.1

cpe:2.3:a:metabase:metabase:0.37.1
Metabase » Metabase » Version: 0.37.10

cpe:2.3:a:metabase:metabase:0.37.10
Metabase » Metabase » Version: 0.37.11

cpe:2.3:a:metabase:metabase:0.37.11
Metabase » Metabase » Version: 0.37.12

cpe:2.3:a:metabase:metabase:0.37.12
Metabase » Metabase » Version: 0.37.2

cpe:2.3:a:metabase:metabase:0.37.2
Metabase » Metabase » Version: 0.37.3

cpe:2.3:a:metabase:metabase:0.37.3
Metabase » Metabase » Version: 0.37.4

cpe:2.3:a:metabase:metabase:0.37.4
Metabase » Metabase » Version: 0.37.5

cpe:2.3:a:metabase:metabase:0.37.5
Metabase » Metabase » Version: 0.37.6

cpe:2.3:a:metabase:metabase:0.37.6
Metabase » Metabase » Version: 0.37.7

cpe:2.3:a:metabase:metabase:0.37.7
Metabase » Metabase » Version: 0.37.8

cpe:2.3:a:metabase:metabase:0.37.8
Metabase » Metabase » Version: 0.37.9

cpe:2.3:a:metabase:metabase:0.37.9
Metabase » Metabase » Version: 0.38.0

cpe:2.3:a:metabase:metabase:0.38.0
Metabase » Metabase » Version: 0.38.0.1

cpe:2.3:a:metabase:metabase:0.38.0.1
Metabase » Metabase » Version: 0.38.1

cpe:2.3:a:metabase:metabase:0.38.1
Metabase » Metabase » Version: 0.38.2

cpe:2.3:a:metabase:metabase:0.38.2
Metabase » Metabase » Version: 0.38.3

cpe:2.3:a:metabase:metabase:0.38.3
Metabase » Metabase » Version: 0.38.4

cpe:2.3:a:metabase:metabase:0.38.4
Metabase » Metabase » Version: 0.38.5

cpe:2.3:a:metabase:metabase:0.38.5
Metabase » Metabase » Version: 0.38.6

cpe:2.3:a:metabase:metabase:0.38.6
Metabase » Metabase » Version: 0.39.0

cpe:2.3:a:metabase:metabase:0.39.0
Metabase » Metabase » Version: 0.39.0.1

cpe:2.3:a:metabase:metabase:0.39.0.1
Metabase » Metabase » Version: 0.39.1

cpe:2.3:a:metabase:metabase:0.39.1
Metabase » Metabase » Version: 0.39.2

cpe:2.3:a:metabase:metabase:0.39.2
Metabase » Metabase » Version: 0.39.3

cpe:2.3:a:metabase:metabase:0.39.3
Metabase » Metabase » Version: 0.39.4

cpe:2.3:a:metabase:metabase:0.39.4
Metabase » Metabase » Version: 0.39.5

cpe:2.3:a:metabase:metabase:0.39.5
Metabase » Metabase » Version: 0.39.6

cpe:2.3:a:metabase:metabase:0.39.6
Metabase » Metabase » Version: 0.39.7

cpe:2.3:a:metabase:metabase:0.39.7
Metabase » Metabase » Version: 0.40.0

cpe:2.3:a:metabase:metabase:0.40.0
Metabase » Metabase » Version: 0.40.1

cpe:2.3:a:metabase:metabase:0.40.1
Metabase » Metabase » Version: 0.40.2

cpe:2.3:a:metabase:metabase:0.40.2
Metabase » Metabase » Version: 0.40.3

cpe:2.3:a:metabase:metabase:0.40.3
Metabase » Metabase » Version: 0.40.3.1

cpe:2.3:a:metabase:metabase:0.40.3.1
Metabase » Metabase » Version: 0.40.4

cpe:2.3:a:metabase:metabase:0.40.4
Metabase » Metabase » Version: 0.40.5

cpe:2.3:a:metabase:metabase:0.40.5
Metabase » Metabase » Version: 0.40.6

cpe:2.3:a:metabase:metabase:0.40.6
Metabase » Metabase » Version: 0.40.7

cpe:2.3:a:metabase:metabase:0.40.7
Metabase » Metabase » Version: 0.40.8

cpe:2.3:a:metabase:metabase:0.40.8
Metabase » Metabase » Version: 0.41.0

cpe:2.3:a:metabase:metabase:0.41.0
Metabase » Metabase » Version: 0.41.1

cpe:2.3:a:metabase:metabase:0.41.1
Metabase » Metabase » Version: 0.41.2

cpe:2.3:a:metabase:metabase:0.41.2
Metabase » Metabase » Version: 0.41.3

cpe:2.3:a:metabase:metabase:0.41.3
Metabase » Metabase » Version: 0.41.3.1

cpe:2.3:a:metabase:metabase:0.41.3.1
Metabase » Metabase » Version: 0.41.4

cpe:2.3:a:metabase:metabase:0.41.4
Metabase » Metabase » Version: 0.41.5

cpe:2.3:a:metabase:metabase:0.41.5
Metabase » Metabase » Version: 0.41.6

cpe:2.3:a:metabase:metabase:0.41.6
Metabase » Metabase » Version: 0.41.7

cpe:2.3:a:metabase:metabase:0.41.7
Metabase » Metabase » Version: 0.41.8

cpe:2.3:a:metabase:metabase:0.41.8
Metabase » Metabase » Version: 0.41.9

cpe:2.3:a:metabase:metabase:0.41.9
Metabase » Metabase » Version: 0.42.0

cpe:2.3:a:metabase:metabase:0.42.0
Metabase » Metabase » Version: 0.42.1

cpe:2.3:a:metabase:metabase:0.42.1
Metabase » Metabase » Version: 0.42.2

cpe:2.3:a:metabase:metabase:0.42.2
Metabase » Metabase » Version: 0.42.3

cpe:2.3:a:metabase:metabase:0.42.3
Metabase » Metabase » Version: 0.42.4

cpe:2.3:a:metabase:metabase:0.42.4
Metabase » Metabase » Version: 0.42.4.1

cpe:2.3:a:metabase:metabase:0.42.4.1
Metabase » Metabase » Version: 0.42.5

cpe:2.3:a:metabase:metabase:0.42.5
Metabase » Metabase » Version: 0.42.6

cpe:2.3:a:metabase:metabase:0.42.6
Metabase » Metabase » Version: 0.43.0

cpe:2.3:a:metabase:metabase:0.43.0
Metabase » Metabase » Version: 0.43.1

cpe:2.3:a:metabase:metabase:0.43.1
Metabase » Metabase » Version: 0.43.2

cpe:2.3:a:metabase:metabase:0.43.2
Metabase » Metabase » Version: 0.43.3

cpe:2.3:a:metabase:metabase:0.43.3
Metabase » Metabase » Version: 0.43.4

cpe:2.3:a:metabase:metabase:0.43.4
Metabase » Metabase » Version: 0.43.4.1

cpe:2.3:a:metabase:metabase:0.43.4.1
Metabase » Metabase » Version: 0.43.4.2

cpe:2.3:a:metabase:metabase:0.43.4.2
Metabase » Metabase » Version: 0.43.5

cpe:2.3:a:metabase:metabase:0.43.5
Metabase » Metabase » Version: 0.43.6

cpe:2.3:a:metabase:metabase:0.43.6
Metabase » Metabase » Version: 0.43.7

cpe:2.3:a:metabase:metabase:0.43.7
Metabase » Metabase » Version: 0.43.7.1

cpe:2.3:a:metabase:metabase:0.43.7.1
Metabase » Metabase » Version: 0.43.7.2

cpe:2.3:a:metabase:metabase:0.43.7.2
Metabase » Metabase » Version: 0.43.7.3

cpe:2.3:a:metabase:metabase:0.43.7.3
Metabase » Metabase » Version: 0.44.0

cpe:2.3:a:metabase:metabase:0.44.0
Metabase » Metabase » Version: 0.44.1

cpe:2.3:a:metabase:metabase:0.44.1
Metabase » Metabase » Version: 0.44.2

cpe:2.3:a:metabase:metabase:0.44.2
Metabase » Metabase » Version: 0.44.3

cpe:2.3:a:metabase:metabase:0.44.3
Metabase » Metabase » Version: 0.44.4

cpe:2.3:a:metabase:metabase:0.44.4
Metabase » Metabase » Version: 0.9

cpe:2.3:a:metabase:metabase:0.9
Metabase » Metabase » Version: 0.9.1

cpe:2.3:a:metabase:metabase:0.9.1
Metabase » Metabase » Version: 0.9.2

cpe:2.3:a:metabase:metabase:0.9.2
Metabase » Metabase » Version: 0.9.3

cpe:2.3:a:metabase:metabase:0.9.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43776

Products

Pricing

Contact Us