NTLM Attack in Metabase CVE-2022-24853
Metabase GeoJSON API Endpoint Back in September 2021, Metabase released a security announcement regarding its GeoJSON API endpoint: GeoJSON URL validation can expose server files and environment variables to unauthorized users We’ve discovered a potential security issue with the custom GeoJSON map (admin->settings->maps->custom maps->add a map) support and potential local file inclusion (including environment variables).
Continue Reading „NTLM Attack in Metabase CVE-2022-24853“