CVE-2022-24853 : Metabase is an open source business intelligence and analytics application. Meta

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.

Published 2022-04-14 22:15:08

Updated 2022-04-22 17:41:55

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2022-24853

Metabase » Metabase
Versions from including (>=) 1.42.0 and before (<) 1.42.4
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions
Metabase » Metabase
Versions from including (>=) 1.41.0 and before (<) 1.41.7
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions
Metabase » Metabase
Versions from including (>=) 0.41.0 and before (<) 0.41.7
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions
Metabase » Metabase
Versions from including (>=) 1.40.0 and before (<) 1.40.8
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions
Metabase » Metabase
Versions from including (>=) 0.40.0 and before (<) 0.40.8
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions
Metabase » Metabase
Versions from including (>=) 0.42.0 and before (<) 0.42.4
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-24853

EPSS FAQ

12.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-24853

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:P/I:N/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-24853

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)

References for CVE-2022-24853

https://www.qomplx.com/qomplx-knowledge-ntlm-relay-attacks-explained/

NTLM Relay Attacks Explained - Blog | QOMPLX
Third Party Advisory
https://secure77.de/metabase-ntlm-relay-attack/

NTLM Attack in Metabase CVE-2022-24853 - Secure77
Exploit;Third Party Advisory
https://github.com/metabase/metabase/security/advisories/GHSA-5cfq-582c-c38m

Make GeoJSON URL read fully conditional on validation · Advisory · metabase/metabase · GitHub
Release Notes;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-24853

Products affected by CVE-2022-24853

Exploit prediction scoring system (EPSS) score for CVE-2022-24853

CVSS scores for CVE-2022-24853

CWE ids for CVE-2022-24853

References for CVE-2022-24853