← voltar
CVE-2023-38646

CVE-2023-38646

EPSS 97.9%
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 97.9%KEV nãoPoC Nuclei simMetasploit simPatch
Ciclo de vida
21 jul 2023Publicada no NVD
22 jul 2023Exploit Metasploit disponível
Recomendação: Planejar correção próxima — já existe PoC pública.
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.htmlhttps://github.com/metabase/metabase/issues/32552https://github.com/metabase/metabase/releases/tag/v0.46.6.1https://news.ycombinator.com/item?id=36812256https://www.metabase.com/blog/security-advisory