How severe is CVE-2022-24854?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-24854?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2022-24854

HIGH Year: 2022

CVSS v3 Score

8.8

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-610

View all →

Vulnerability Description

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you're unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected.

CVE-2021-27648

HIGH

CVSS:8.8(High)

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...

CWE-6102021

CVE-2021-30245

HIGH

CVSS:8.8(High)

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link...

CWE-6102021

CVE-2021-43844

HIGH

CVSS:8.8(High)

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifical...

CWE-6102021

CVE-2024-45826

HIGH

CVSS:8.8(High)

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can...

CWE-6102024

CVE-2022-27593

CRITICAL

CVSS:9.1(Critical)

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have al...

CWE-6102022

CVE-2024-32980

CRITICAL

CVSS:9.1(Critical)

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a sp...

CWE-6102024

CVE-2022-24854

Vulnerability Description

Related Vulnerabilities

CVE-2021-27648

CVE-2021-30245

CVE-2021-43844

CVE-2024-45826

CVE-2022-27593

CVE-2024-32980