What is CVE-2022-39361?

CVE-2022-39361 is a high-severity vulnerability in Metabase, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2022-10-26.

How severe is CVE-2022-39361?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Metabase

CVE-2022-39361

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL que…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Metabase — versions < 0.41.9, >= 0.42.0, < 0.42.6, >= 0.43.0, < 0.43.7

Weakness classification (CWE)

References

github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v

Frequently asked questions

What is CVE-2022-39361?: CVE-2022-39361 is a high-severity vulnerability in Metabase, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2022-10-26.
How severe is CVE-2022-39361?: High severity. CVSS v3 base score is 8.8 out of 10.