Description Preview
Overview
Metabase, an open source data analytics platform, contained a security vulnerability in its custom GeoJSON map feature accessible through the admin settings (admin->settings->maps->custom maps->add a map). The vulnerability stems from improper validation of URLs before they are loaded, which could lead to local file inclusion. This could allow attackers to access sensitive files and environment variables on the server hosting the Metabase instance. The vulnerability is particularly concerning as it could expose configuration details, credentials, and other sensitive information that might be stored in environment variables or local files.
Remediation
To address this vulnerability, users should upgrade to Metabase version 0.40.5, 1.40.5, or any subsequent release that contains the security fix. If immediate upgrading is not possible, a temporary mitigation strategy is to implement validation rules in your reverse proxy, load balancer, or Web Application Firewall (WAF) to filter and validate requests before they reach the Metabase application. Organizations should also review access logs for any suspicious activities that might indicate exploitation attempts of this vulnerability.
References
- Patch: https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0
- Advisory: https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Early Warning
Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.
- Armis Alert Date
- Nov 17, 2021
- CISA KEV Date
- Nov 12, 2024
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- ConstructionConstruction: Low
- Educational ServicesEducational Services: Low
- Finance and InsuranceFinance and Insurance: Low
- Health Care & Social AssistanceHealth Care & Social Assistance: Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- ManufacturingManufacturing: Low
- MiningMining: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Public AdministrationPublic Administration: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Retail TradeRetail Trade: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- UtilitiesUtilities: Low
- Wholesale TradeWholesale Trade: Low
