admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 19:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-393xx/CVE-2022-39359.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

169 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-39359",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-10-26T19:15:12.410",
"lastModified": "2022-10-28T16:10:28.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default)."
},
{
"lang": "es",
"value": "Metabase es un software de visualizaci\u00f3n de datos. En versiones anteriores a 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9, las direcciones URL de los mapas GeoJSON personalizados segu\u00edan redireccionamientos a direcciones que no estaban permitidas, como link-local o private-network. Este problema ha sido corregido en versiones 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9. Metabase ya no sigue los redireccionamientos en las URL de mapas GeoJSON. Tambi\u00e9n fue a\u00f1adida una variable de entorno \"MB_CUSTOM_GEOJSON_ENABLED\" para deshabilitar completamente el GeoJSON personalizado (\"true\" por defecto)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.41.0",
"versionEndExcluding": "0.41.9",
"matchCriteriaId": "BCD50540-E323-41CE-9D9C-EDA8CB718E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.42.0",
"versionEndExcluding": "0.42.6",
"matchCriteriaId": "EF01C7BF-CB4C-4990-9082-587CFD555225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.43.0",
"versionEndExcluding": "0.43.7",
"matchCriteriaId": "8858058E-C597-4752-8625-9B279DC65A48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.44.0",
"versionEndExcluding": "0.44.5",
"matchCriteriaId": "6A94F7EA-BC18-4013-9A93-7962226FDD98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.41.0",
"versionEndExcluding": "1.41.9",
"matchCriteriaId": "804B84E1-5D1A-4251-9829-65F5FD927D99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.42.0",
"versionEndExcluding": "1.42.6",
"matchCriteriaId": "73310924-8CD4-4696-89B9-EED3390375A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.43.0",
"versionEndExcluding": "1.43.7",
"matchCriteriaId": "A86AA0C8-2C4F-4DDD-8371-6B43611E2479"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.44.0",
"versionEndExcluding": "1.44.5",
"matchCriteriaId": "EF7A60F6-5062-4094-91A5-71445F9B7BC1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/metabase/metabase/commit/057e2d67fcbeb6b48db68b697e022243e3a5771e",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-w5j7-4mgm-77f4",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink