Lucene search
MitreCVELIST:CVE-2023-38646HistoryJul 21, 2023 - 12:00 a.m.
CVE-2023-38646
2023-07-2100:00:00
mitre
www.cve.org
1
metabase
security vulnerability
arbitrary commands
exploitation
privilege escalation
authentication
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html
github.com/metabase/metabase/issues/32552
github.com/metabase/metabase/releases/tag/v0.46.6.1
news.ycombinator.com/item?id=36812256
www.metabase.com/blog/security-advisory
Related
osv
osv
CVE-2023-38646
2023-07-21 15:15:10
githubexploit
githubexploit
Exploit for CVE-2023-38646
2023-08-09 14:05:24
Exploit for CVE-2023-38646
2024-02-20 01:51:47
Exploit for CVE-2023-38646
2023-07-30 01:12:24
packetstorm
packetstorm
Metabase 0.46.6 Remote Code Execution
2024-02-15 00:00:00
Metabase Remote Code Execution
2023-08-09 00:00:00
prion
prion
Design/Logic Flaw
2023-07-21 15:15:00
nuclei
nuclei
Metabase < 0.46.6.1 - Remote Code Execution
2023-07-28 19:49:14
thn
thn
exploitdb
exploitdb
Metabase 0.46.6 - Pre-Auth Remote Code Execution
2024-02-15 00:00:00
zdt
zdt
Metabase Remote Code Execution Exploit
2023-08-09 00:00:00
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
2024-02-17 00:00:00
nessus
nessus
Metabase RCE (CVE-2023-38646)
2024-01-22 00:00:00
nvd
nvd
CVE-2023-38646
2023-07-21 15:15:10
cve
cve
CVE-2023-38646
2023-07-21 15:15:10
rapid7blog
rapid7blog
Metasploit weekly wrap-up
2023-08-11 15:22:20