Vulnerabilities in metabase
20 results

CVE-2021-41277 | CRITICAL | GeoJSON URL validation can expose server files and environment variables to unauthorized users | EPSS 96.9% | KEV
CVE-2022-24853 | MEDIUM | File system exposure in Metabase | EPSS 2.4%
CVE-2023-37470 | CRITICAL | Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint | EPSS 1.1%
CVE-2022-24854 | HIGH | Database bypassing any permissions in Metabase via SQlite attach | EPSS 1.0%
CVE-2022-39361 | HIGH | Metabase vulnerable to Remote Code Execution via H2 | EPSS 1.0%
CVE-2022-39362 | HIGH | Metabase vulnerable to arbitrary SQL execution from queryhash | EPSS 0.8%
CVE-2026-33725 | HIGH | Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import | EPSS 0.8%
CVE-2022-24855 | HIGH | XSS vulnerability in Metabase | EPSS 0.7%
CVE-2023-32680 | MEDIUM | Missing SQL permissions check in metabase | EPSS 0.6%
CVE-2022-39359 | MEDIUM | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs | EPSS 0.6%
CVE-2022-39360 | MEDIUM | Metabase SSO users able to circumvent IdP login by doing password reset | EPSS 0.5%
CVE-2022-39358 | MEDIUM | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding | EPSS 0.4%
CVE-2023-23628 | MEDIUM | Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor | EPSS 0.4%
CVE-2024-55951 | MEDIUM | Metabase sandboxed users could see filter values from other sandboxed users | EPSS 0.4%
CVE-2023-23629 | MEDIUM | Metabase subject to Improper Privilege Management | EPSS 0.4%
CVE-2025-30371 | LOW | Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint | EPSS 0.4%
CVE-2025-27141 | MEDIUM | Metabase Enterprise Edition allows cached questions to leak data to impersonated users | EPSS 0.3%
CVE-2025-32382 | LOW | Snowflake credentials logged by the Metabase backend | EPSS 0.3%
CVE-2026-27464 | HIGH | Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE | EPSS 0.3%
CVE-2026-22805 | LOW | Metabase channel test endpoint can reach internal local addresses | EPSS 0.2%