CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html
http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html
https://github.com/metabase/metabase/issues/32552	Issue Tracking
https://github.com/metabase/metabase/releases/tag/v0.46.6.1	Release Notes
https://news.ycombinator.com/item?id=36812256	Issue Tracking
https://www.metabase.com/blog/security-advisory	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*
	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::-:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*
	cpe:2.3:a:metabase:metabase:::::enterprise:::*

History

No history.

Information

Published : 2023-07-21 15:15

Updated : 2024-02-15 16:15

NVD link : CVE-2023-38646

Mitre link : CVE-2023-38646

CVE.ORG link : CVE-2023-38646

JSON object : View

Products Affected

metabase

metabase

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-38646", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-07-21T15:15:10.003", "references": [{"url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "https://github.com/metabase/metabase/issues/32552", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/metabase/metabase/releases/tag/v0.46.6.1", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://news.ycombinator.com/item?id=36812256", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.metabase.com/blog/security-advisory", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2."}], "lastModified": "2024-02-15T16:15:45.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "5AE3BE02-E7B9-43CB-8FBA-001F5D8E24ED", "versionEndExcluding": "0.43.7.2"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6591576F-15AC-493F-96B4-6F3E1E5D1350", "versionEndExcluding": "1.43.7.2"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "90CEC6C0-C2EE-496D-BBE0-DBC83717F211", "versionEndExcluding": "0.44.7.1", "versionStartIncluding": "0.44.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EC4D0A9A-F084-403A-83BF-F1C56470B845", "versionEndExcluding": "0.45.4.1", "versionStartIncluding": "0.45.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "BEA5EEF8-7F70-4D40-9EB6-8BB5226E281E", "versionEndExcluding": "0.46.6.1", "versionStartIncluding": "0.46.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "825F5E14-49FC-4A8A-87FE-FA039D121F99", "versionEndExcluding": "1.44.7.1", "versionStartIncluding": "1.44.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C20D76CF-15B4-49C3-8F3A-8417B5C8016B", "versionEndExcluding": "1.45.4.1", "versionStartIncluding": "1.45.0"}, {"criteria": "cpe:2.3:a:metabase:metabase:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "47767C52-13CC-4164-84DC-54E3BDC1C590", "versionEndExcluding": "1.46.6.1", "versionStartIncluding": "1.46.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}