Vulnerabilities > Metabase > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-28 CVE-2023-23628 Information Exposure vulnerability in Metabase
Metabase is an open source data analytics platform.
network
low complexity
metabase CWE-200
4.1
2023-01-28 CVE-2023-23629 Improper Privilege Management vulnerability in Metabase
Metabase is an open source data analytics platform.
network
low complexity
metabase CWE-269
6.3
2022-10-26 CVE-2022-39358 Improper Locking vulnerability in Metabase
Metabase is data visualization software.
network
low complexity
metabase CWE-667
6.5
2022-10-26 CVE-2022-39359 Open Redirect vulnerability in Metabase
Metabase is data visualization software.
network
low complexity
metabase CWE-601
6.5
2022-10-26 CVE-2022-39360 Improper Authentication vulnerability in Metabase
Metabase is data visualization software.
network
low complexity
metabase CWE-287
6.5
2022-10-26 CVE-2022-43776 Server-Side Request Forgery (SSRF) vulnerability in Metabase
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks.
network
low complexity
metabase CWE-918
6.5
2022-04-14 CVE-2022-24854 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Metabase
Metabase is an open source business intelligence and analytics application.
network
low complexity
metabase CWE-610
6.5
2018-11-15 CVE-2018-0697 Cross-site Scripting vulnerability in Metabase
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
metabase CWE-79
4.3