Przekazujemy ważną informacje od Metabase z rekomendacja aktualizacji
An independent security researcher submitted a severe issue with Metabase. We generally don’t email about every bug, but this one is dangerous so we want to make sure that we reach out on all channels to our community to let them know that they should pay attention to this.
While we have no evidence that the vulnerability was ever exploited in the wild, and exploiting this vulnerability isn’t simple, if you are self-hosting Metabase, you should IMMEDIATELY update your Metabase instances if you have not already.
The vulnerability
The vulnerability allows an authenticated user (including embedding users) to retrieve sensitive information from a Metabase instance, including database access credentials. You can view the security advisory in full at https://github.com/metabase/metabase/security/advisories/GHSA-vcj8-rcm8-gfj9
Metabase Security Vulnerability Notification