Impact
Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an NTLM relay attack, potentially allowing an attacker to receive the password hash.
Patches
The following patches (or greater versions) are available:
- 0.42.4 and 1.42.4
- 0.41.7 and 1.41.7
- 0.40.8 and 1.40.8
If you use host Metabase in a Windows environment, then it's advised to upgrade.
All releases are available on https://github.com/metabase/metabase/releases
Credits
Reported by https://github.com/secure-77 via security@ email
secure-77 Analyst
Impact
Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an NTLM relay attack, potentially allowing an attacker to receive the password hash.
Patches
The following patches (or greater versions) are available:
If you use host Metabase in a Windows environment, then it's advised to upgrade.
All releases are available on https://github.com/metabase/metabase/releases
Credits
Reported by https://github.com/secure-77 via security@ email