Ranquild

**Name of the Vulnerable Software and Affected Versions** Metabase versions prior to 0.44.5 Metabase versions prior to 1.44.5 Metabase versions prior to 0.43.7 Metabase versions prior to 1.43.7 Metabase versions prior to 0.42.6 Metabase versions prior to 1.42.6 **Description** The issue allows circumvention of locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. **Recommendations** For Metabase versions prior to 0.44.5, update to version 0.44.5 or later. For Metabase versions prior to 1.44.5, update to version 1.44.5 or later. For Metabase versions prior to 0.43.7, update to version 0.43.7 or later. For Metabase versions prior to 1.43.7, update to version 1.43.7 or later. For Metabase versions prior to 0.42.6, update to version 0.42.6 or later. For Metabase versions prior to 1.42.6, update to version 1.42.6 or later.

**Name of the Vulnerable Software and Affected Versions** Metabase versions prior to 0.41.9 and 1.41.9 Metabase versions prior to 0.42.6 and 1.42.6 Metabase versions prior to 0.43.7 and 1.43.7 Metabase versions prior to 0.44.5 and 1.44.5 **Description** The issue allows single sign on (SSO) users to perform password resets on Metabase, potentially granting access without going through the SSO IdP. **Recommendations** For versions prior to 0.41.9 and 1.41.9, update to version 0.41.9 or 1.41.9 to patch the issue. For versions prior to 0.42.6 and 1.42.6, update to version 0.42.6 or 1.42.6 to patch the issue. For versions prior to 0.43.7 and 1.43.7, update to version 0.43.7 or 1.43.7 to patch the issue. For versions prior to 0.44.5 and 1.44.5, update to version 0.44.5 or 1.44.5 to patch the issue.