Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References
Configurations
Configuration 1 (hide)
|
History
15 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Aug 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jul 2023, 18:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:* cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:* |
|
References | (MISC) https://www.metabase.com/blog/security-advisory - Vendor Advisory | |
References | (MISC) https://github.com/metabase/metabase/issues/32552 - Issue Tracking | |
References | (MISC) https://github.com/metabase/metabase/releases/tag/v0.46.6.1 - Release Notes | |
References | (MISC) https://news.ycombinator.com/item?id=36812256 - Issue Tracking | |
First Time |
Metabase
Metabase metabase |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
22 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jul 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-21 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-38646
Mitre link : CVE-2023-38646
CVE.ORG link : CVE-2023-38646
JSON object : View
Products Affected
metabase
- metabase
CWE