Unrated severityNVD Advisory· Published Jul 21, 2023· Updated Aug 2, 2024
CVE-2023-38646
CVE-2023-38646
Description
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Metabase/Metabase open sourcedescription
Patches
Vulnerability mechanics
References
6- packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.htmlmitre
- packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.htmlmitre
- github.com/metabase/metabase/issues/32552mitre
- github.com/metabase/metabase/releases/tag/v0.46.6.1mitre
- news.ycombinator.com/itemmitre
- www.metabase.com/blog/security-advisorymitre
News mentions
0No linked articles in our index yet.