* What happened?
We were informed by a third party security researcher that they discovered a vulnerability in Metabase.
* What is the severity of the vulnerability?
Extremely severe. An unauthenticated attacker can run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on.
* Has this been exploited?
To the best of our current knowledge, there has been no known exploitation of this vulnerability. We audited our own systems, and were not able to find any malicious use of this.
* What happened? We were informed by a third party security researcher that they discovered a vulnerability in Metabase.
* What is the severity of the vulnerability? Extremely severe. An unauthenticated attacker can run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on.
* Has this been exploited? To the best of our current knowledge, there has been no known exploitation of this vulnerability. We audited our own systems, and were not able to find any malicious use of this.