Hello together,
in the current JAR version of Metabase (0.31.1) there exist multiple vulnerabilities:
High (CVSS: 7.5)
NVT: Eclipse Jetty Server Fake Pipeline Request Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.813551)
Medium (CVSS: 5.0)
NVT: Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.813552)
As mention the suggested solution is to upgrade it to the newest version. Could you please upgrade it during the next releases or is there a way to do it on our own without compiling the whole source code?
Furthermore is it possible to deactivate HTTP while HTTPS is used?
Thank you very much.