Metabase - Remote Code Execution (CVE-2023-38646)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Metabase open source versions before 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1 are vulnerable to CVE-2023-38646, a Remote Code Execution vulnerability. The root cause is that the setup token is not cleared after the initial setup has completed. An unauthenticated attacker can therefore retrieve the setup token and use it to execute commands remotely on the target.
- Risk description
The risk exists that an unauthenticated remote attacker could gain Remote Code Execution, resulting in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Update Metabase to one of the currently fixed versions (0.46.6.1 or later for the open source edition, 1.46.6.1 or later for Metabase Enterprise).
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jul 2023
- Published at
- Updated at
- Software Type
- Data instrumentation, visualization, and querying
- Vendor
- Metabase
- Product
- Metabase