Lucene search
GoogleOSV:CVE-2023-38646HistoryJul 21, 2023 - 3:15 p.m.
CVE-2023-38646
2023-07-2115:15:10
Google
osv.dev
9
metabase
arbitrary command execution
server privilege
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html
github.com/metabase/metabase/issues/32552
github.com/metabase/metabase/releases/tag/v0.46.6.1
news.ycombinator.com/item?id=36812256
www.metabase.com/blog/security-advisory
Related
githubexploit
githubexploit
Exploit for CVE-2023-38646
2024-02-20 01:51:47
Exploit for CVE-2023-38646
2023-07-30 01:12:24
Exploit for CVE-2023-38646
2023-08-09 14:05:24
prion
prion
Design/Logic Flaw
2023-07-21 15:15:00
packetstorm
packetstorm
Metabase 0.46.6 Remote Code Execution
2024-02-15 00:00:00
Metabase Remote Code Execution
2023-08-09 00:00:00
nuclei
nuclei
Metabase < 0.46.6.1 - Remote Code Execution
2023-07-28 19:49:14
thn
thn
zdt
zdt
Metabase Remote Code Execution Exploit
2023-08-09 00:00:00
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
2024-02-17 00:00:00
exploitdb
exploitdb
Metabase 0.46.6 - Pre-Auth Remote Code Execution
2024-02-15 00:00:00
nessus
nessus
Metabase RCE (CVE-2023-38646)
2024-01-22 00:00:00
cvelist
cvelist
CVE-2023-38646
2023-07-21 00:00:00
nvd
nvd
CVE-2023-38646
2023-07-21 15:15:10
cve
cve
CVE-2023-38646
2023-07-21 15:15:10
rapid7blog
rapid7blog
Metasploit weekly wrap-up
2023-08-11 15:22:20