CVSS | |
---|---|
DESCRIPTION | Metabase is an open source data analytics platform. In affected versions, a security issue has been discovered in the custom GeoJSON map support (`admin->settings->maps->custom maps->add a map`) that allows potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in the maintenance releases 0.40.5 and 1.40.5 and in any subsequent release. If you’re unable to upgrade immediately, you can mitigate this by adding rules to your reverse proxy, load balancer or WAF that provide a validation filter in front of the application. |
HEAT SCORE | 599 |

DATE | TWEETS | USER |
---|---|---|
2022-03-24 05:30:33 | @RajaNagori7 Wow how about this one CVE-2021-41277 cat targets.txt\| while read host do;do curl --silent --insecur… https://t.co/ih6GQAZsyu https://twitter.com/i/web/status/1506864720820662276 | GrinchInsurtec |
2022-02-11 14:10:57 | CVE-2021-41277 Metabase is an open source data analytics platform. In affected versions...… https://t.co/h28t3CeR3g https://twitter.com/i/web/status/1492137185520369669 | VulmonFeeds |
2022-01-27 19:31:10 | Metabase security update-CVE-2021-41277 - https://t.co/wFRLcWxsOg https://www.redpacketsecurity.com/metabase-security-update-cve-2021-41277/ | RedPacketSec |
2022-01-10 02:20:04 | CVE-2021-41277 Metabase is an open source data analytics platform. In affected v... https://t.co/rSUAIYpwzO Cust… https://t.co/UGxdfrUysJ http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-41277 https://twitter.com/i/web/status/1480362193782726658 | VulmonFeeds |
2021-12-31 16:03:19 | CVE-2021-41277 MetaBase Arbitrary File Read https://t.co/0WzDZxW5Ff https://t.co/1EXLxjBshZ https://www.reddit.com/r/netsec/comments/qyjmgq/cve202141277_metabase_arbitrary_file_read/?utm_source=dlvr.it&utm_medium=twitter | techadversary |
2021-12-21 13:52:45 | CVE-2021-41277 Metabase Local File Inclusion https://t.co/RyvgOhsHlJ https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml | reverseame |
2021-12-11 08:13:27 | @metabase hey guys, considering the lack of transparency of metabase about CVE-2021-41277, is there anything we s… https://t.co/0mSX8e5xi2 https://twitter.com/i/web/status/1469576668641701899 | adolphinxyz |
2021-12-06 20:21:14 | Exploit for ['CVE-2021-41277'] exploit https://t.co/hSUmNETdBO https://t.co/Y2SfrXVegh https://ift.tt/31ElRq7 https://ift.tt/3dp3qbA | buaqbot |
2021-12-06 19:31:08 | Metabase CVE-2021-41277 https://t.co/JoZOd6qJJU #infosec #cybersecurity https://github.com/Vulnmachines/Metabase_CVE-2021-41277 | RapidSafeguard |
2021-11-25 13:00:08 | @HackerGautam I think @trick3st is way better for #CVE-2021-41277 #bugbountytips https://t.co/ejYEeZQQB8 | milanshiftsec |
2021-11-24 19:42:53 | ■■■■■ Zero-Day \| CVE-2021-41277 cat targets.txt \| while read host do;do curl --silent --insecure --path-as-is "$ho… https://t.co/HSfGZUairF https://twitter.com/i/web/status/1463591650643652609 | cKure7 |
2021-11-24 16:50:40 | CVE-2021-41277 🔥👇 ✅ One Liner : cat targets.txt\| while read host do;do curl --silent --insecure --path-as-is "$h… https://t.co/FiXmhMObSq https://twitter.com/i/web/status/1463548181904457730 | HackerGautam |
2021-11-24 10:42:17 | 🚩New vulnerability: Metabase Arbitrary File Read (CVE-2021-41277) (RedTeam version)#Goby #CVE More Vulnerabilitie… https://t.co/bK2n8trHjU https://twitter.com/i/web/status/1463454928483930122 | GobySec |
2021-11-24 10:01:47 | Metabase_CVE-2021-41277 Payload ⤵️ https://t.co/JoZOd6qJJU #infosec #cybersecurity https://t.co/9xrLNGulwL https://github.com/Vulnmachines/Metabase_CVE-2021-41277 | RapidSafeguard |
2021-11-23 18:32:28 | CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html | Har_sia |
2021-11-23 16:24:21 | Severity: 🔥🔥 \| Metabase is an open source data analytic... \| CVE-2021-41277 \| Link for more: https://t.co/0Z4Gqp4uq6 http://alerts.remotelyrmm.com/CVE-2021-41277 | RemotelyAlerts |
2021-11-23 16:01:13 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41277 (metabase)) has been published on https://t.co/DeH2R2sjSK http://www.sesin.at https://www.sesin.at/2021/11/23/cve-2021-41277-metabase/ | WolfgangSesin |
2021-11-23 16:01:02 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41277 (metabase)) has been published on https://t.co/knTBP1HzWe http://www.sesin.at https://www.sesin.at/2021/11/23/cve-2021-41277-metabase/ | www_sesin_at |
2021-11-23 16:00:36 | CVE-2021-41277 - https://t.co/tMhL4UPrpF #Uncategorized #cybersecurity https://www.redpacketsecurity.com/cve-2021-41277/ | RedPacketSec |
2021-11-23 15:10:49 | CVE-2021-41277 https://t.co/ehh40ffaYV #HarsiaInfo https://har-sia.info/CVE-2021-41277.html | Har_sia |
2021-11-23 14:50:16 | 🚨 NEW: CVE-2021-41277 🚨 Metabase is an open source data analytics platform. In affected versions a security issue h… https://t.co/vmcIhosCz7 https://twitter.com/i/web/status/1463157775782006796 | threatintelctr |
2021-11-23 00:51:08 | 14 new OPEN, 26 new PRO (14 + 12). CVE-2021-41277, CVE-2021-42321, CobaltStrike, Candiru, Various Others. Thanks… https://t.co/QA9QFLkTCs https://twitter.com/i/web/status/1462945889530568708 | ET_Labs |
2021-11-23 00:30:37 | Exploit for CVE-2021-41277 https://t.co/JzUwBHe9jO #Exploit #Sploitus https://sploitus.com/exploit?id=A45EBD6B-F466-52E0-B3AD-4EF6DCAFF37E | sploitus_com |
2021-11-22 21:30:32 | expbox/CVE-2021-41277.yaml at main · 0x0021h/expbox · GitHub https://t.co/0nocVKzcLa https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml | Securityblog |
2021-11-22 15:10:25 | CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html | Har_sia |
2021-11-22 14:20:34 | @daffainfo @shaybt12 cat domains.mkd \| httpx \| nuclei -t nuclei-templates/cves/2021/CVE-2021-41277.yaml why not this?? | Jacklsd1 |
2021-11-22 10:50:12 | CVE-2021-41277: Metabase local file inclusion vulnerability alert https://t.co/TsMZwFO5bG #opensource #infosec #security #pentest https://securityonline.info/cve-2021-41277-metabase-local-file-inclusion-vulerability-alert/ | the_yellow_fall |
2021-11-22 10:50:06 | CVE-2021-41277: Metabase local file inclusion vulnerability alert https://t.co/d7ntLaScX3 https://t.co/chDcBPways http://dlvr.it/SCygSs | AcooEdi |
2021-11-22 09:00:10 | #bugbountytips #bugbounty #CVE-2021-41277 Metabase Custom GeoJSON Map file inclusion https://domain/api/geojson?u… https://t.co/l5aElFAyR1 https://twitter.com/i/web/status/1462706241075957767 | cycatz2 |
2021-11-22 02:30:06 | CVE-2021-41277 MetaBase Arbitrary File Read MetaBase < 0.40.5 1.0.0 <= MetaBase < 1.40.5 https://t.co/l0dtoASpMs… https://t.co/tNOn17iUMd https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://twitter.com/i/web/status/1462607917027184642 | NandanLohitaksh |
2021-11-21 18:40:06 | Tips to ur hunts! httpx for CVE-2021-41277, look: httpx -l IPlist.txt -follow-redirects -title -path /api/geojson?… https://t.co/m70u4FrVCb https://twitter.com/i/web/status/1462489182090182657 | SidiJunior |
2021-11-21 15:10:17 | CVE-2021-41277 https://t.co/ehh40ffIOt #HarsiaInfo https://har-sia.info/CVE-2021-41277.html | Har_sia |
2021-11-21 15:00:03 | @youlookdreamy on list of IP its find if there vuln to CVE-2021-41277 if you give it automation with shodan and nuc… https://t.co/oJqjpaIVnG https://twitter.com/i/web/status/1462435166375366666 | shaybt12 |
2021-11-21 13:50:05 | @shaybt12 echo "https://t.co/6jKKc48dKf" \| httpx \| nuclei -t nuclei-templates/cves/2021/CVE-2021-41277.yaml U can do this too! http://site.com | daffainfo |
2021-11-21 12:30:07 | Gebutcher's Notes https://t.co/xs9yAeHjtB Arbitrary file read in Metabase (CVE-2021-41277) Metabase is a pl… https://t.co/OSfJvClUSs https://t.me/gebutcher/5400 https://twitter.com/i/web/status/1462397155725955083 | gebutcher |
2021-11-21 12:10:07 | Arbitrary file read in Metabase (CVE-2021-41277) Metabase is a data analysis platform with open sour… https://t.co/tVIjYTxHmZ https://twitter.com/i/web/status/1462391474406973446 | hack_git |
2021-11-21 06:10:05 | #CVE-2021-41277: MetaBase Arbitrary File Read https://t.co/vheHCACeX5 #exploit https://t.co/plcfhzsbFc https://t.co/p05UaQ0YmK https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://t.me/hackgit/2039 | hack_git |
2021-11-21 02:50:06 | New post: "CVE-2021-41277 MetaBase Arbitrary File Read" https://t.co/LjPvvUctCO https://ift.tt/30SpsRo | Myinfosecfeed |
2021-11-21 02:00:05 | CVE-2021-41277 MetaBase Arbitrary File Read via /r/netsec https://t.co/vLYOZZrVjk #cybersecurity #netsec #news https://ift.tt/3DJXp5a | CybrXx0 |
2021-11-21 01:30:13 | CVE-2021-41277 MetaBase Arbitrary File Read https://t.co/ovYMVELLXi https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml | _r_netsec |
2021-11-21 01:20:14 | CVE-2021-41277 MetaBase Arbitrary File Read MetaBase < 0.40.5 1.0.0 <= MetaBase < 1.40.5 https://t.co/TtJHu6lvr1… https://t.co/hhhHyziUzR https://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml https://twitter.com/i/web/status/1462228254702641158 | 0x0021h |
2021-11-20 18:10:09 | httpx for CVE-2021-41277 httpx -l IPlist.txt -follow-redirects -title -path /api/geojson?url=file:///etc/passwd -m… https://t.co/fQ9nvJLRIL https://twitter.com/i/web/status/1462120496129003522 | shaybt12 |
2021-11-20 13:41:01 | heuheu 😉 CVE-2021-41277 https://t.co/9qpik89abI | Wayc0de |
2021-11-20 12:20:09 | If you use Metabase < 0.40.5 you should patch your instance ASAP CVE-2021-41277 (Metabase LFI) is very easy to ex… https://t.co/v0mdxtepHk https://twitter.com/i/web/status/1462030479071318017 | mercuryheavens |
2021-11-20 11:20:14 | CVE-2021-41277 POC Metabase is an open source data analytics platform. In affected versions a security issue has be… https://t.co/EBWTmnsca0 https://twitter.com/i/web/status/1462016005174140938 | Mohamed87Khayat |
2021-11-20 05:10:06 | Metabase sensitive information disclosure CVE-2021-41277 GET /api/geojson?url=file:/etc/passwd HTTP/1.1 Host: ... https://t.co/0jJqDHIr9e | 90security |
2021-11-19 15:37:10 | Metabase File read CVE-2021-41277 https://t.co/JD89hVu24I | r4v3zn |
2021-11-18 00:43:26 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41277) has been published on https://t.co/c9lbMqyFey http://www.sesin.at https://www.sesin.at/2021/11/18/cve-2021-41277/ | WolfgangSesin |
2021-11-18 00:42:26 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41277) has been published on https://t.co/0elHOPWCmg http://www.sesin.at https://www.sesin.at/2021/11/18/cve-2021-41277/ | www_sesin_at |
2021-11-17 23:20:35 | Let the annals of the day show that CVE-2021-41277... has been granted the moniker Thankless Mojarra https://t.co/iBD0k2jadY https://nvd.nist.gov/vuln/detail/CVE-2021-41277 | vulnonym |
2021-11-17 22:20:57 | CVE-2021-41277 Metabase is an open source data analytics platform. In af... https://t.co/rSUAIYpwzO Don't wait v… https://t.co/9InZF6mhxS http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-41277 https://twitter.com/i/web/status/1461095849178673154 | VulmonFeeds |
2021-11-17 20:50:14 | CVE-2021-41277 Metabase is an open source data analytics platform. In affected versions a security issue has been d… https://t.co/vzLpKLZb40 https://twitter.com/i/web/status/1461073016973111303 | CVEnew |
2021-11-17 20:20:10 | CVE-2021-41277 : Metabase is an open source data analytics platform. In affected versions a security issue has been… https://t.co/1fCQ8Tcntz https://twitter.com/i/web/status/1461066257323724811 | CVEreport |