top | item 36813779 (no title) JJJollyjim | 2 years ago Presumably the metabase instance also has credentials to access some databases, some of which may be have enough privileges to also get RCE on the database machines (as well as messing with the data they hold). discuss order hn newest Dachande663|2 years ago We issue separate read-only credentials for database access fortunately. Still doesn't remove the risk of all the data been exfiltrated though.
Dachande663|2 years ago We issue separate read-only credentials for database access fortunately. Still doesn't remove the risk of all the data been exfiltrated though.
Dachande663|2 years ago