CVE-2023-38646
CVE-2023-38646
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 97.9%KEV nãoPoC —Nuclei simMetasploit simPatch —
Ciclo de vida
21 jul 2023Publicada en NVD
22 jul 2023Exploit Metasploit disponible
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.htmlhttps://github.com/metabase/metabase/issues/32552https://github.com/metabase/metabase/releases/tag/v0.46.6.1https://news.ycombinator.com/item?id=36812256https://www.metabase.com/blog/security-advisory