Metabase
cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*
- >= 0.52.12, < 0.52.17.1
- >= 1.52.12, < 1.52.17.1
- >= 0.53.2.3, < 0.53.9.5
- >= 1.53.2.3, < 1.53.9.5
- >= 0.54.0, < 0.54.1.5
- >= 1.54.0, < 1.54.1.5
A vulnerability exists in Metabase, an open-source Business Intelligence and Embedded Analytics tool, where sensitive Snowflake connection details, including usernames and passwords, may be inadvertently logged by the Metabase backend. This issue arises when administrators update Snowflake connection information, such as passwords or authentication methods. Metabase does not consistently remove outdated connection details from the application database. To clear stale information, Metabase tests each connection method individually, purging all others from the database. Upon successfully establishing a connection, Metabase logs the connection details, including sensitive credentials, to the console. This vulnerability affects Metabase versions 0.52.12 prior to 0.52.17.1, 1.52.12 prior to 1.52.17.1, 0.53.2.3 prior to 0.53.9.5, 1.53.2.3 prior to 1.53.9.5, 0.54.x prior to 0.54.1.5, and 1.54.x prior to 1.54.1.5. The issue has been patched in versions 0.52.17.1, 0.53.9.5, 0.54.1.5, 1.52.17.1, 1.53.9.5, and 1.54.1.5.
This vulnerability could lead to the unintentional exposure of Snowflake credentials in the Metabase application logs, where they could be accessed by anyone with the ability to view the logs.
To address this vulnerability, users can update to Metabase versions 0.52.17.1, 0.53.9.5, 0.54.1.5, 1.52.17.1, 1.53.9.5, or 1.54.1.5. Additionally, as a temporary measure, users can change the log level in the log4j2.xml configuration file to 'WARN' for the 'metabase.models.database' logger, which will prevent Snowflake credentials from being logged.
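The logger override from the workaround above, shown in a minimal log4j2.xml as an added illustration rather than Metabase's shipped configuration: only the logger name and the WARN level come from the advisory, while the appender, pattern and root logger are placeholders assumed for completeness.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
  <Appenders>
    <!-- Placeholder console appender; Metabase's real appender setup differs. -->
    <Console name="STDOUT" target="SYSTEM_OUT">
      <PatternLayout pattern="%d [%t] %-5p %c - %m%n"/>
    </Console>
  </Appenders>
  <Loggers>
    <!-- Workaround from the advisory: raise this logger to WARN so the line that
         carries Snowflake connection details (emitted below WARN) is never written. -->
    <Logger name="metabase.models.database" level="WARN"/>
    <!-- Everything else keeps its normal verbosity (INFO assumed here). -->
    <Root level="INFO">
      <AppenderRef ref="STDOUT"/>
    </Root>
  </Loggers>
</Configuration>
```

After restarting Metabase, confirm that successful Snowflake connection tests no longer produce a log line under the metabase.models.database logger; existing log files that already contain credentials still need to be rotated and the credentials changed.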