
CVE-2022-24854 : Exploit Details and Defense Strategies

CVE-2022-24854 is a high-severity vulnerability in Metabase that lets a user with SQL permissions on a SQLite database bypass Metabase's data permissions through SQLite's ATTACH DATABASE statement. Upgrade, or add a restriction to the SQLite connection string, to secure your deployment.

Metabase, an open-source business intelligence and analytics application, is affected by a vulnerability in which a user who can write native SQL against a SQLite database can attach other SQLite database files and query them, bypassing any Metabase permissions on that data. Users are advised to take immediate action to secure their systems.

Understanding CVE-2022-24854

This CVE affects Metabase versions 0.41.0 up to but not including 0.41.7, 1.41.0 up to but not including 1.41.7, 0.42.0 up to but not including 0.42.4, and 1.42.0 up to but not including 1.42.4. In Metabase's numbering the 0.x and 1.x lines are the open-source and Enterprise editions of the same release, so both are affected.

What is CVE-2022-24854?

The vulnerability allows a Metabase user who holds SQL (native query) permissions on a SQLite database connection to issue ATTACH DATABASE against any other SQLite file the Metabase server process can read, and then query every table in it, bypassing the permissions Metabase would otherwise enforce on that data.

The Impact of CVE-2022-24854

With a CVSS base score of 8.0 (High), this vulnerability exposes the confidentiality, integrity, and availability of data in any SQLite database reachable from the Metabase host, not only the database the user was granted access to.

Technical Details of CVE-2022-24854

Vulnerability Description

SQLite's ATTACH DATABASE statement lets a single connection open additional database files and query across their tables. Affected Metabase versions passed native SQL through to SQLite without restricting ATTACH, so a user with SQL permissions on one SQLite connection could read and write any other SQLite database reachable by the Metabase process, regardless of the permissions configured in Metabase.

Affected Systems and Versions

The Metabase versions listed above are vulnerable. Only deployments with at least one SQLite database connection are exposed, and the attacker must already hold native-query (SQL) permissions on that connection.

Exploitation Mechanism

An attacker with SQL permissions on a permitted SQLite connection sends a native query that first attaches another SQLite file under an alias (ATTACH DATABASE '<path>' AS other) and then selects from tables in that alias (SELECT ... FROM other.<table>). SQLite opens the file with the operating-system permissions of the Metabase process, so Metabase's own data permissions for that database never apply, and the same statement can be repeated to join or query across several attached databases.

Mitigation and Prevention

Immediate Steps to Take

Users should urgently upgrade Metabase to a fixed version: 0.41.7 or 1.41.7 for the 41.x line, 0.42.4 or 1.42.4 for the 42.x line, or any later release. Users who cannot upgrade immediately can append the URL argument

?limit_attached=0

to each SQLite connection string. This sets SQLite's attached-database limit to zero on that connection, so every ATTACH DATABASE statement fails and no other SQLite file can be opened through it.
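The bypass described under Exploitation Mechanism and the ?limit_attached=0 countermeasure above, as an added example that is not code from this page or from Metabase: it uses Python's standard sqlite3 module against two constructed database files, a permitted reporting.db and a restricted hr.db, both invented for this example, and runs the same ATTACH-based query once on a plain connection and once on a hardened one. The file names, table contents and the harden_connection helper are assumptions made for the demonstration; the helper applies the SQLite-level effect of the JDBC parameter, a zero SQLITE_LIMIT_ATTACHED limit via Connection.setlimit on Python 3.11+, and additionally installs an authorizer that denies ATTACH so the block behaves the same on older Python versions.

```python
import contextlib
import os
import sqlite3
import tempfile


def build_databases(workdir):
    """Create two constructed sample SQLite files (invented for this example,
    not Metabase data): reporting.db, which the analyst is allowed to query,
    and hr.db, which they have no Metabase permission to see."""
    allowed = os.path.join(workdir, "reporting.db")
    restricted = os.path.join(workdir, "hr.db")
    with contextlib.closing(sqlite3.connect(allowed)) as conn:
        conn.execute("CREATE TABLE sales (region TEXT, amount INTEGER)")
        conn.execute("INSERT INTO sales VALUES ('east', 100), ('west', 250)")
        conn.commit()
    with contextlib.closing(sqlite3.connect(restricted)) as conn:
        conn.execute("CREATE TABLE salaries (employee TEXT, salary INTEGER)")
        conn.execute("INSERT INTO salaries VALUES ('alice', 120000), ('bob', 95000)")
        conn.commit()
    return allowed, restricted


def harden_connection(conn):
    """Apply the SQLite-level effect of the advisory's ``?limit_attached=0``
    JDBC URL parameter: refuse every ATTACH on this connection.

    Python 3.11+ exposes SQLite's attached-database limit directly, so it is
    set to zero where available. An authorizer hook is installed as well: it
    exists on every Python version and rejects the statement at prepare time
    with an explicit "not authorized" error."""
    limit_code = getattr(sqlite3, "SQLITE_LIMIT_ATTACHED", None)
    if limit_code is not None and hasattr(conn, "setlimit"):
        conn.setlimit(limit_code, 0)

    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        # Deny only ATTACH; all other actions (SELECT, INSERT, ...) proceed.
        if action == sqlite3.SQLITE_ATTACH:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def run_attacker_query(allowed, restricted, harden=False):
    """Run the bypass the advisory describes: holding only SQL rights on
    ``allowed``, attach ``restricted`` and read a table from it.

    Returns ("leaked", rows) when the restricted table was readable, or
    ("blocked", error_text) when SQLite refused the ATTACH."""
    with contextlib.closing(sqlite3.connect(allowed)) as conn:
        if harden:
            harden_connection(conn)
        try:
            # What a native query in Metabase would send, as literal SQL:
            #   ATTACH DATABASE '/path/to/hr.db' AS other;
            #   SELECT employee, salary FROM other.salaries;
            # The path is bound as a parameter here only to keep it quoting-safe.
            conn.execute("ATTACH DATABASE ? AS other", (restricted,))
            rows = conn.execute(
                "SELECT employee, salary FROM other.salaries ORDER BY employee"
            ).fetchall()
            return "leaked", rows
        except sqlite3.DatabaseError as exc:
            return "blocked", str(exc)


def demo():
    """Run the bypass against an unhardened connection and then a hardened
    one; returns both outcomes as (status, payload) tuples."""
    with tempfile.TemporaryDirectory() as workdir:
        allowed, restricted = build_databases(workdir)
        before = run_attacker_query(allowed, restricted, harden=False)
        after = run_attacker_query(allowed, restricted, harden=True)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("unhardened connection:", before)
    print("attach limit 0 / ATTACH denied:", after)
```

Run stand-alone, the first result shows the salaries table from hr.db leaking through a connection that was only meant to reach reporting.db; the second shows SQLite rejecting the ATTACH once the connection is hardened. Note that the limit is per connection: in a JDBC deployment it must be present on every SQLite connection string, which is why upgrading is the preferred fix.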

Long-Term Security Practices

Regularly updating software, monitoring database activity for unexpected ATTACH statements, and granting native SQL permissions only to users who genuinely need them can strengthen the overall security posture.

Patching and Updates

Stay informed about security advisories and promptly apply patches released by Metabase to prevent exploitation of vulnerabilities.
