Lucene search
GoogleOSV:CVE-2023-38646HistoryJul 21, 2023 - 3:15 p.m.
CVE-2023-38646
2023-07-2115:15:10
Google
osv.dev
16
metabase
arbitrary command execution
server privilege
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html
github.com/metabase/metabase/issues/32552
github.com/metabase/metabase/releases/tag/v0.46.6.1
news.ycombinator.com/item?id=36812256
www.metabase.com/blog/security-advisory
Related
nessus
nessus
Metabase RCE (CVE-2023-38646)
2024-01-22 00:00:00
nvd
nvd
CVE-2023-38646
2023-07-21 15:15:10
githubexploit
githubexploit
Exploit for CVE-2023-38646
2023-11-07 03:57:15
Exploit for CVE-2023-38646
2023-07-31 05:25:37
Exploit for CVE-2023-38646
2023-11-25 17:22:22
cvelist
cvelist
CVE-2023-38646
2023-07-21 00:00:00
packetstorm
packetstorm
Metabase Remote Code Execution
2023-08-09 00:00:00
Metabase 0.46.6 Remote Code Execution
2024-02-15 00:00:00
prion
prion
Design/Logic Flaw
2023-07-21 15:15:00
metasploit
metasploit
Metabase Setup Token RCE
2023-08-08 21:16:56
zdt
zdt
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
2024-02-17 00:00:00
Metabase Remote Code Execution Exploit
2023-08-09 00:00:00
cve
cve
CVE-2023-38646
2023-07-21 15:15:10
nuclei
nuclei
Metabase < 0.46.6.1 - Remote Code Execution
2023-07-28 19:49:14
thn
thn
exploitdb
exploitdb
Metabase 0.46.6 - Pre-Auth Remote Code Execution
2024-02-15 00:00:00
rapid7blog
rapid7blog
Metasploit weekly wrap-up
2023-08-11 15:22:20