Authors: Maxwell Garrett, Shubham Shah, and h00die
Type: Exploit Pull request:#18232 contributed by h00die Path:exploits/linux/http/metabase_setup_token_rce
AttackerKB reference: CVE-2023-38646
Description: This adds a module for an unauthenticated RCE against Metabase. Metabase versions before 0.46.6.1 contain a bug where an unauthenticated user can retrieve a setup-token. With this, they can query an API endpoint to setup a new database, then inject an H2 connection string RCE.
Modules which have either been enhanced, or renamed:
exploits/freebsd/http/citrix_formssso_target_rce
module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17. This module now supports automatic targeting based on the Last-Modified
header of the logon/fonts/citrix-fonts.css
resource.exploits/solaris/ssh/pam_username_bof
docs.EC2_ID
module option is validated.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).