Vulnerabilities > Metabase

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-26	CVE-2022-43776	Server-Side Request Forgery (SSRF) vulnerability in Metabase The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. network low complexity metabase CWE-918	6.5
2022-04-14	CVE-2022-24853	Information Exposure vulnerability in Metabase Metabase is an open source business intelligence and analytics application. network high complexity metabase CWE-200	2.6
2022-04-14	CVE-2022-24854	Externally Controlled Reference to a Resource in Another Sphere vulnerability in Metabase Metabase is an open source business intelligence and analytics application. network low complexity metabase CWE-610	6.5
2022-04-14	CVE-2022-24855	Cross-site Scripting vulnerability in Metabase Metabase is an open source business intelligence and analytics application. network metabase CWE-79	3.5
2021-11-17	CVE-2021-41277	Path Traversal vulnerability in Metabase Metabase is an open source data analytics platform. network low complexity metabase CWE-22	7.5
2018-11-15	CVE-2018-0697	Cross-site Scripting vulnerability in Metabase Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network metabase CWE-79	4.3

Vulnerabilities > Metabase {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Metabase"}]}