by nfm on 7/29/23, 5:03 AM with 2 comments
by nfm on 7/29/23, 5:06 AM
Today they have announced further, related vulnerabilities, and if you're running your own instance you should patch again, or disable your instance until you have a chance to do so.
The vulnerabilities allow an unauthenticated attacker to run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on. This would allow arbitrary querying of any database that Metabase is connected to.
by exabrial on 7/29/23, 1:34 PM