IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-38646

Description

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

POC

Reference

- http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html

Github

- https://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646

- https://github.com/0xabdoulaye/CTFs-Journey

- https://github.com/0xrobiul/CVE-2023-38646

- https://github.com/20142995/sectool

- https://github.com/Anekant-Singhai/Exploits

- https://github.com/AnvithLobo/CVE-2023-38646

- https://github.com/Any3ite/cve-2023-38646-metabase-ReverseShell

- https://github.com/Awrrays/FrameVul

- https://github.com/Boogipop/MetabaseRceTools

- https://github.com/BreezeGalaxy/CVE-2023-38646

- https://github.com/CN016/Metabase-H2-CVE-2023-38646-

- https://github.com/Chocapikk/CVE-2023-38646

- https://github.com/DaniTheHack3r/CVE-2023-38646

- https://github.com/DarkFunct/CVE_Exploits

- https://github.com/Ego1stoo/CVE-2023-38646

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JayRyz/CVE-2023-38646-PoC-Metabase

- https://github.com/LazyySec/CVE-2023-38646

- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection

- https://github.com/Loginsoft-Research/Linux-Exploit-Detection

- https://github.com/Micky1warrior/metabase-pre-auth-rce-poc

- https://github.com/Mrunalkaran/CVE-2023-38646

- https://github.com/MzzdToT/HAC_Bored_Writing

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646

- https://github.com/Pyr0sec/CVE-2023-38646

- https://github.com/Red4mber/CVE-2023-38646

- https://github.com/SUT0L/CVE-2023-38646

- https://github.com/Shisones/MetabaseRCE_CVE-2023-38646

- https://github.com/Spectral-Source/Collaborator-like

- https://github.com/SrcVme50/Analytics

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/CVE

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/XiaomingX/cve-2023-38646-poc

- https://github.com/Xuxfff/CVE-2023-38646-Poc

- https://github.com/Zenmovie/CVE-2023-38646

- https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646-

- https://github.com/adriyansyah-mf/metabase

- https://github.com/alexandre-pecorilla/CVE-2023-38646

- https://github.com/asepsaepdin/CVE-2023-38646

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/bigblackhat/oFx

- https://github.com/birdm4nw/CVE-2023-38646

- https://github.com/cc8700619/poc

- https://github.com/churamanib/metabase-pre-auth-rce-poc-

- https://github.com/cyberwithcyril/VulhubPenTestingReport

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap

- https://github.com/fidjiw/CVE-2023-38646-POC

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/getdrive/PoC

- https://github.com/ggjkjk/1444

- https://github.com/gobysec/Research

- https://github.com/hadrian3689/metabase_preauth_rce

- https://github.com/hheeyywweellccoommee/CVE-2023-38646-glwax

- https://github.com/hheeyywweellccoommee/CVE-2023-38646-hmoje

- https://github.com/hheeyywweellccoommee/CVE-2023-38646-suynl

- https://github.com/hktalent/bug-bounty

- https://github.com/ibaiw/2023Hvv

- https://github.com/iluaster/getdrive_PoC

- https://github.com/int3x/ctf-writeups

- https://github.com/j0yb0y0h/CVE-2023-38646

- https://github.com/joaoviictorti/CVE-2023-38646

- https://github.com/junnythemarksman/CVE-2023-38646

- https://github.com/kh4sh3i/CVE-2023-38646

- https://github.com/lazysec0x21/CVE-2023-38646

- https://github.com/m3m0o/metabase-pre-auth-rce-poc

- https://github.com/massco99/Analytics-htb-Rce

- https://github.com/mikuyaQAQ/23NBugRange

- https://github.com/nenandjabhata/CTFs-Journey

- https://github.com/niTROCket51/ctf-writeups

- https://github.com/nickswink/CVE-2023-38646

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/passwa11/2023Hvv_

- https://github.com/passwa11/CVE-2023-38646

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/qiuluo-oss/Tiger

- https://github.com/raytheon0x21/CVE-2023-38646

- https://github.com/robotmikhro/CVE-2023-38646

- https://github.com/samurai411/toolbox

- https://github.com/securezeron/CVE-2023-38646

- https://github.com/securitycipher/daily-bugbounty-writeups

- https://github.com/shamo0/CVE-2023-38646-PoC

- https://github.com/syr1ne/exploits

- https://github.com/threatHNTR/CVE-2023-38646

- https://github.com/xchg-rax-rax/CVE-2023-38646

- https://github.com/xxRON-js/Collaborator-like

- https://github.com/yxl2001/CVE-2023-38646

- https://github.com/zhanpengliu-tencent/medium-cve