Vulnerability CVE-2023-38646
Published: 2023-07-21

Description:
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

See advisories in our WLB2 database:
Topic
Author
Date
High
Metabase 0.46.6 Remote Code Execution
Musyoka Ian
18.02.2024

 References:
https://news.ycombinator.com/item?id=36812256
https://github.com/metabase/metabase/releases/tag/v0.46.6.1
https://www.metabase.com/blog/security-advisory
Copyright 2024, cxsecurity.com

 

Back to Top