Vulnerabilities > Metabase > Metabase > 0.42.2

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-43776 Server-Side Request Forgery (SSRF) vulnerability in Metabase
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks.
network
low complexity
metabase CWE-918
6.5
6.5
2022-04-14 CVE-2022-24853 Information Exposure vulnerability in Metabase
Metabase is an open source business intelligence and analytics application.
network
high complexity
metabase CWE-200
2.6
2.6
2022-04-14 CVE-2022-24854 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Metabase
Metabase is an open source business intelligence and analytics application.
network
low complexity
metabase CWE-610
6.5
6.5
2022-04-14 CVE-2022-24855 Cross-site Scripting vulnerability in Metabase
Metabase is an open source business intelligence and analytics application.
network
metabase CWE-79
3.5
3.5