Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Metabase Local File Inclusion (CVE-2021-41277) - Vulnerability Database

Metabase Local File Inclusion (CVE-2021-41277)

Description

Invicti determined that it was possible to access Metabase's sensitive files without authentication.

Remediation

Upgrade to the latest version of Metabase

References

GeoJSON URL validation can expose server files and environment variables to unauthorized users

Related Vulnerabilities

Local File Inclusion High
Common tags: File Inclusion
WordPress Plugin ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2) High
Common tags: File Inclusion
WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3) High
Common tags: File Inclusion
WordPress Plugin WP Rocket Local File Inclusion (2.10.3) High
Common tags: File Inclusion
WordPress Plugin Booking Calendar Local File Inclusion (7.0) High
Common tags: File Inclusion

Severity

High

Classification

CVE-2021-41277
CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion