WEB APPLICATION VULNERABILITIES Standard & Premium

Metabase Local File Inclusion (CVE-2021-41277)

Description

Acunetix determined that it was possible to access Metabase's sensitive files without authentication.

Remediation

Upgrade to the latest version of Metabase

References

GeoJSON URL validation can expose server files and environment variables to unauthorized users

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6472)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

JBoss JMX management console

WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0)

Severity

High

Classification

CVE-2021-41277 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion