← Volver a CVEs
CVE-2022-39360
MEDIUM6.5
Descripcion
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/26/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
metabase:metabase
Debilidades (CWE)
CWE-287CWE-304CWE-287
Referencias
https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730(security-advisories@github.com)
https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc(security-advisories@github.com)
https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.