CVE-2022-24853 : Security Advisory and Response

Metabase is vulnerable to file system exposure leading to NTLM relay attacks. Upgrade to prevent hackers from accessing system password hashes. Learn more about CVE-2022-24853.

Metabase, an open-source business intelligence and analytics application, is affected by a vulnerability that could lead to file system exposure and NTLM relay attacks on Windows systems. Immediate action is recommended to prevent potential exposure of sensitive information.

Understanding CVE-2022-24853

This CVE describes a security issue in Metabase that allows a crafted request to access files on Windows, potentially enabling an NTLM relay attack.

What is CVE-2022-24853?

Metabase's GeoJSON support fetches user-supplied URLs, and a specially crafted request can bypass the URL validation and cause the server to access files on Windows systems. This could result in an attacker obtaining the system password hash through an NTLM relay attack.

The Impact of CVE-2022-24853

The vulnerability has a CVSS base score of 5.9, with a medium severity rating. It has a high impact on confidentiality, allowing attackers to access sensitive information without requiring user interaction.

Technical Details of CVE-2022-24853

Vulnerability Description

Affected Metabase versions fall in the following ranges: 0.40.0 to 0.40.7 and 1.40.0 to 1.40.7, 0.41.0 to 0.41.6 and 1.41.0 to 1.41.6, and 0.42.0 to 0.42.3 and 1.42.0 to 1.42.3. Upgrade to the patched releases 0.40.8 and 1.40.8, 0.41.7 and 1.41.7, or 0.42.4 and 1.42.4 to mitigate the risk.
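To turn the version ranges above into a repeatable check, the following added example (not part of this advisory or of Metabase itself) maps an installed version string to the patched release it should move to. The affected and fixed versions are taken from the advisory; the hostnames and versions in the sample inventory are constructed.

```python
# Triage helper for CVE-2022-24853: decide whether a Metabase version string
# falls inside one of the affected ranges from the advisory and, if so, which
# patched release to upgrade to. Added example code; the range data below is
# copied from the advisory text.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, first fixed release), per the advisory.
AFFECTED_RANGES = [
    ((0, 40, 0), (0, 40, 7), (0, 40, 8)),
    ((1, 40, 0), (1, 40, 7), (1, 40, 8)),
    ((0, 41, 0), (0, 41, 6), (0, 41, 7)),
    ((1, 41, 0), (1, 41, 6), (1, 41, 7)),
    ((0, 42, 0), (0, 42, 3), (0, 42, 4)),
    ((1, 42, 0), (1, 42, 3), (1, 42, 4)),
]


def parse_version(text: str) -> Version:
    """Parse 'v0.41.6' or '0.41.6' into a comparable (major, minor, patch) tuple.
    A pre-release suffix such as '0.42.0-RC2' is treated as its base version,
    which deliberately errs on the side of flagging it as affected."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Metabase version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_version_for(text: str) -> Optional[str]:
    """Return the patched release to upgrade to if the version is inside an
    affected range, or None if it matches none of the advisory's ranges."""
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return ".".join(str(n) for n in fixed)
    return None


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, Metabase version), not real hosts.
    inventory = [("bi-01", "v0.41.6"), ("bi-02", "1.42.4"), ("bi-03", "0.42.0-RC2")]
    for host, ver in inventory:
        fix = fixed_version_for(ver)
        status = f"affected, upgrade to {fix}" if fix else "not in an affected range"
        print(f"{host}: {ver} -> {status}")
```

A result of None only means the version is outside the ranges the advisory lists; it does not declare older, unlisted releases safe.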

Affected Systems and Versions

Metabase versions listed above are susceptible to NTLM relay attacks on Windows systems. Users of these versions should update to versions that address this vulnerability.

Exploitation Mechanism

By exploiting the file access vulnerability on Windows systems, attackers can potentially intercept system password hashes using an NTLM relay attack.

Mitigation and Prevention

Immediate Steps to Take

Users of affected Metabase versions on Windows should upgrade to the latest patched versions (0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8) to prevent file system exposure and NTLM relay attacks.

Long-Term Security Practices

Regularly update Metabase to the latest versions and maintain a secure configuration to prevent similar vulnerabilities from being exploited.

Patching and Updates

Stay informed about security advisories related to Metabase and promptly install updates to address known vulnerabilities.
