CVE-2022-39362: CWE-356: Product UI does not Warn User of Unsafe Actions in metabase metabase

Medium
Published: Wed Oct 26 2022 (10/26/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: metabase
Product: metabase

Description

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want.

AI-Powered Analysis

Last updated: 06/22/2025, 14:37:51 UTC

Technical Analysis

CVE-2022-39362 is a medium-severity vulnerability affecting multiple versions of Metabase, a popular open-source data visualization and business intelligence platform. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, the product's user interface automatically executed unsaved SQL queries without explicit user consent. This behavior is categorized under CWE-356 (Product UI does not warn user of unsafe actions): when users input ad-hoc native SQL queries in the Metabase query editor, the system executed them even though the user had not explicitly run them, with no warning or confirmation prompt before potentially unsafe or unreviewed SQL commands reached the database. Automatic execution could lead to unintended data exposure, data manipulation, or performance degradation, especially if the queries were complex or maliciously crafted.

The patched versions change the UI behavior: the native query editor now displays the query and requires the user to manually trigger execution, preventing accidental or unintended query runs. No known exploits in the wild have been reported for this vulnerability, and no direct patch links were provided in the source information. The affected range is broad, covering all versions prior to 0.41.9 and various incremental versions up to but not including the patched releases. Because Metabase is widely used for data analytics and visualization, an attacker who gains access to a Metabase instance could leverage this behavior to execute arbitrary SQL queries without user confirmation, potentially leading to data leakage or unauthorized data manipulation.
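As an added illustration (not Metabase's own code; the function names and the shape of the serialized editor state are hypothetical), a minimal model of the editor behaviour this advisory contrasts: auto-execution on load before the fix, versus display-then-explicit-run after it.

```javascript
// Added example, not Metabase's own code. It models a native-query editor that
// receives an unsaved (ad-hoc) query, e.g. one deserialised from a shared link,
// and contrasts the pre-fix behaviour (auto-execute on load, CWE-356) with the
// fixed behaviour (display the query, run only on an explicit user action).
// All names are hypothetical; the database is a constructed stand-in.

// Constructed stand-in for the connected database: records each query it runs.
function makeDatabase() {
  const executed = [];
  return {
    executed,
    run(sql) {
      executed.push(sql);
      return { sql, rows: [] }; // no real rows; we only care that it ran
    },
  };
}

// Pre-fix behaviour: loading an ad-hoc query executes it immediately,
// before the user has reviewed or confirmed it.
function loadAdHocQueryVulnerable(db, serializedState) {
  const state = JSON.parse(serializedState);
  const sql = state.native.query;
  return { sql, pendingRun: false, result: db.run(sql) };
}

// Fixed behaviour: the editor only shows the query and marks it as pending.
// Nothing reaches the database until userClicksRun() is called.
function loadAdHocQueryFixed(db, serializedState) {
  const state = JSON.parse(serializedState);
  return { sql: state.native.query, pendingRun: true, result: null };
}

// The explicit user action that the fix requires before execution.
function userClicksRun(db, editor) {
  if (!editor.pendingRun) return editor; // nothing pending, or already ran
  return { ...editor, pendingRun: false, result: db.run(editor.sql) };
}
```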

Potential Impact

For European organizations, the impact of this vulnerability can be significant, particularly for those relying on Metabase for critical business intelligence and data analytics. Unauthorized or unintended execution of SQL queries could lead to exposure of sensitive data, including personal data protected under GDPR, financial information, or proprietary business intelligence. This could result in compliance violations, reputational damage, and financial penalties. Additionally, maliciously crafted queries could degrade database performance or cause denial of service conditions, impacting availability of analytics services. Organizations in sectors such as finance, healthcare, government, and telecommunications that use Metabase for data visualization are at higher risk due to the sensitivity of their data. The vulnerability also increases the attack surface if an attacker gains limited access to the Metabase UI, as they could execute harmful queries without additional authentication or user interaction beyond accessing the interface. However, since exploitation requires access to the Metabase interface, the risk is somewhat mitigated by existing access controls. Still, insider threats or compromised credentials could enable exploitation. The lack of user warnings increases the likelihood of accidental data exposure by legitimate users as well, which could lead to inadvertent data breaches.

Mitigation Recommendations

European organizations should prioritize upgrading Metabase to the latest patched versions (0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, or 1.41.9 and above) to eliminate the automatic execution of unsaved SQL queries. Beyond patching, organizations should implement strict access controls to limit who can access the Metabase query editor, ideally restricting it to trusted users with a clear need for query execution privileges. Implementing multi-factor authentication (MFA) for Metabase access can reduce the risk of credential compromise. Monitoring and logging query execution activities within Metabase can help detect unusual or unauthorized query runs. Organizations should also conduct user training to raise awareness about safe query practices and the importance of reviewing queries before execution. Where possible, segregate environments so that ad-hoc query execution is restricted to development or testing environments, not production. Additionally, database-level permissions should be tightly controlled to limit the impact of any unauthorized query execution, for example by using read-only database users for Metabase connections where feasible. Finally, consider implementing network segmentation and firewall rules to restrict access to Metabase instances from untrusted networks.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-09-02T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9846c4522896dcbf4987

Added to database: 5/21/2025, 9:09:26 AM

Last enriched: 6/22/2025, 2:37:51 PM

Last updated: 8/2/2025, 1:18:50 PM
