{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T20:32:35.690","vulnerabilities":[{"cve":{"id":"CVE-2022-39360","sourceIdentifier":"security-advisories@github.com","published":"2022-10-26T19:15:13.657","lastModified":"2024-11-21T07:18:06.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login."},{"lang":"es","value":"Metabase es un software de visualización de datos. En versiones anteriores a 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9, los usuarios de inicio de sesión único (SSO) podían restablecer sus contraseñas en Metabase, lo que podía permitir el acceso de un usuario sin pasar por el IdP de SSO. Este problema ha sido corregido en las versiones 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9 y 1.41.9. Metabase ahora bloquea el restablecimiento de la contraseña para todos los usuarios que usan SSO para su inicio de sesión en Metabase"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-304"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"0.41.0","versionEndExcluding":"0.41.9","matchCriteriaId":"BCD50540-E323-41CE-9D9C-EDA8CB718E42"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"0.42.0","versionEndExcluding":"0.42.6","matchCriteriaId":"EF01C7BF-CB4C-4990-9082-587CFD555225"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"0.43.0","versionEndExcluding":"0.43.7","matchCriteriaId":"8858058E-C597-4752-8625-9B279DC65A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"0.44.0","versionEndExcluding":"0.44.5","matchCriteriaId":"6A94F7EA-BC18-4013-9A93-7962226FDD98"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"1.41.0","versionEndExcluding":"1.41.9","matchCriteriaId":"804B84E1-5D1A-4251-9829-65F5FD927D99"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"1.42.0","versionEndExcluding":"1.42.6","matchCriteriaId":"73310924-8CD4-4696-89B9-EED3390375A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"1.43.0","versionEndExcluding":"1.43.7","matchCriteriaId":"A86AA0C8-2C4F-4DDD-8371-6B43611E2479"},{"vulnerable":true,"criteria":"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*","versionStartIncluding":"1.44.0","versionEndExcluding":"1.44.5","matchCriteriaId":"EF7A60F6-5062-4094-91A5-71445F9B7BC1"}]}]}],"references":[{"url":"https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/metabase/metabase/commit/edadf7303c3b068609f57ca073e67885d5c98730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}