File system exposure in Metabase
CVE-2022-24853

5.9MEDIUM

Key Information:

Vendor

Metabase

Status
Metabase
Vendor
CVE Published:
14 April 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-24853?

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an NTLM relay attack, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.

Affected Version(s)

metabase >= 1.40.0, < 1.40.7 < 1.40.0, 1.40.7

metabase >= 0.40.0, < 0.40.7 < 0.40.0, 0.40.7

metabase >= 1.41.0, < 1.41.6 < 1.41.0, 1.41.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-24853
Created by secure-77

References

https://github.com/metabase/metabase/security/advisories/...
x_refsource_CONFIRM
https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attack...
x_refsource_MISC
https://secure77.de/metabase-ntlm-relay-attack/
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.