Unrated severityNVD Advisory· Published Oct 26, 2022· Updated Apr 23, 2025
Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
CVE-2022-39358
Description
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<0.42.6 || (>=0.43.0 <0.43.7) || (>=0.44.0 <0.44.5) || >=1.42.0 <1.42.6 || (>=1.43.0 <1.43.7) || (>=1.44.0 <1.44.5)+ 1 more
- (no CPE)range: <0.42.6 || (>=0.43.0 <0.43.7) || (>=0.44.0 <0.44.5) || >=1.42.0 <1.42.6 || (>=1.43.0 <1.43.7) || (>=1.44.0 <1.44.5)
- (no CPE)range: < 0.42.6
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.