Lucene search
PRIOn knowledge basePRION:CVE-2023-38646HistoryJul 21, 2023 - 3:15 p.m.
Design/Logic Flaw
2023-07-2115:15:00
PRIOn knowledge base
www.prio-n.com
28
metabase
arbitrary commands
server privilege
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html
github.com/metabase/metabase/issues/32552
github.com/metabase/metabase/releases/tag/v0.46.6.1
news.ycombinator.com/item?id=36812256
www.metabase.com/blog/security-advisory
Related
osv
osv
CVE-2023-38646
2023-07-21 15:15:10
githubexploit
githubexploit
Exploit for CVE-2023-38646
2023-08-09 14:05:24
Exploit for CVE-2023-38646
2024-02-20 01:51:47
Exploit for CVE-2023-38646
2023-07-30 01:12:24
packetstorm
packetstorm
Metabase 0.46.6 Remote Code Execution
2024-02-15 00:00:00
Metabase Remote Code Execution
2023-08-09 00:00:00
nuclei
nuclei
Metabase < 0.46.6.1 - Remote Code Execution
2023-07-28 19:49:14
thn
thn
exploitdb
exploitdb
Metabase 0.46.6 - Pre-Auth Remote Code Execution
2024-02-15 00:00:00
zdt
zdt
Metabase Remote Code Execution Exploit
2023-08-09 00:00:00
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
2024-02-17 00:00:00
nessus
nessus
Metabase RCE (CVE-2023-38646)
2024-01-22 00:00:00
cvelist
cvelist
CVE-2023-38646
2023-07-21 00:00:00
nvd
nvd
CVE-2023-38646
2023-07-21 15:15:10
cve
cve
CVE-2023-38646
2023-07-21 15:15:10
rapid7blog
rapid7blog
Metasploit weekly wrap-up
2023-08-11 15:22:20