一、 漏洞 CVE-2023-38646 基础信息
漏洞信息
                                        # N/A

## 概述
Metabase的开源版本和企业版存在一个漏洞,允许攻击者在服务器上执行任意命令,并以服务器的权限级别运行。该漏洞无需认证即可被利用。

## 影响版本
- 开源版本:0.46.6.1之前的所有版本
- 企业版:1.46.6.1之前的所有版本

其他修复版本包括:
- 0.45.4.1
- 1.45.4.1
- 0.44.7.1
- 1.44.7.1
- 0.43.7.2
- 1.43.7.2

## 细节
攻击者可以在未授权的情况下在目标服务器上执行任意命令,这些命令将以服务器的权限级别执行。

## 影响
该漏洞允许攻击者完全控制服务器,可能导致数据泄露、破坏、篡改或其他恶意活动。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Metabase 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Metabase是美国Metabase公司的一个开源数据分析平台。 Metabase 0.46.6.1之前版本和Metabase Enterprise 1.46.6.1之前版本存在安全漏洞,该漏洞源于允许攻击者以运行该服务的权限在服务器上执行任意命令。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2023-38646 的公开POC
# POC 描述 源链接 神龙链接
1 None https://github.com/adriyansyah-mf/CVE-2023-38646--Metabase- POC详情
2 For educational purposes only https://github.com/Pumpkin-Garden/POC_Metabase_CVE-2023-38646 POC详情
3 Metabase Pre-auth RCE (CVE-2023-38646)!! https://github.com/0xrobiul/CVE-2023-38646 POC详情
4 Remote Code Execution on Metabase CVE-2023-38646 https://github.com/Chocapikk/CVE-2023-38646 POC详情
5 None https://github.com/Xuxfff/CVE-2023-38646-Poc POC详情
6 POC for CVE-2023-38646 https://github.com/securezeron/CVE-2023-38646 POC详情
7 Tools to exploit metabase CVE-2023-38646 https://github.com/lazysec0x21/CVE-2023-38646 POC详情
8 Proof of Concept for CVE-2023-38646 https://github.com/Zenmovie/CVE-2023-38646 POC详情
9 Metabase Pre-auth RCE https://github.com/shamo0/CVE-2023-38646-PoC POC详情
10 CVE-2023-38646-POC https://github.com/fidjiw/CVE-2023-38646-POC POC详情
11 None https://github.com/Any3ite/cve-2023-38646-metabase-ReverseShell POC详情
12 Automatic Tools For Metabase Exploit Known As CVE-2023-38646 https://github.com/robotmikhro/CVE-2023-38646 POC详情
13 Metabase Pre-auth RCE (CVE-2023-38646) https://github.com/kh4sh3i/CVE-2023-38646 POC详情
14 CVE-2023-38646 (Pre-Auth RCE in Metabase) https://github.com/joaoviictorti/CVE-2023-38646 POC详情
15 None https://github.com/yxl2001/CVE-2023-38646 POC详情
16 CVE-2023-38646 Pre-Auth RCE in Metabase https://github.com/alexandre-pecorilla/CVE-2023-38646 POC详情
17 Metabase H2 远程代码执行漏洞(CVE-2023-38646) https://github.com/CN016/Metabase-H2-CVE-2023-38646- POC详情
18 CVE-2023-38646 Metabase RCE https://github.com/Boogipop/MetabaseRceTools POC详情
19 CVE-2023-38646 Metabase 0.46.6 exploit https://github.com/SUT0L/CVE-2023-38646 POC详情
20 CVE-2023-38646 Unauthenticated RCE vulnerability in Metabase https://github.com/nickswink/CVE-2023-38646 POC详情
21 None https://github.com/passwa11/CVE-2023-38646 POC详情
22 None https://github.com/threatHNTR/CVE-2023-38646 POC详情
23 None https://github.com/asepsaepdin/CVE-2023-38646 POC详情
24 Exploit script for Pre-Auth RCE in Metabase (CVE-2023-38646) https://github.com/Pyr0sec/CVE-2023-38646 POC详情
25 Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. https://github.com/birdm4nw/CVE-2023-38646 POC详情
26 RCE Exploit for CVE-2023-38646 https://github.com/AnvithLobo/CVE-2023-38646 POC详情
27 Python script to exploit CVE-2023-38646 Metabase Pre-Auth RCE via SQL injection https://github.com/Red4mber/CVE-2023-38646 POC详情
28 Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. https://github.com/junnythemarksman/CVE-2023-38646 POC详情
29 A crappy exploit script written for CVE-2023-38646. It works about as well as peace treaties between Israel and Hamas. https://github.com/Itrekr/CVE-2023-38646-Crapsploit POC详情
30 Metabase Pre-Auth RCE POC https://github.com/Mrunalkaran/CVE-2023-38646 POC详情
31 Code to detect/exploit vulnerable metabase application https://github.com/j0yb0y0h/CVE-2023-38646 POC详情
32 Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. https://github.com/Ego1stoo/CVE-2023-38646 POC详情
33 Metabase postgres (org.h2.Driver) RCE without INIT https://github.com/0utl4nder/Another-Metabase-RCE-CVE-2023-38646 POC详情
34 Tools to exploit metabase CVE-2023-38646 https://github.com/raytheon0x21/CVE-2023-38646 POC详情
35 None https://github.com/Shisones/MetabaseRCE_CVE-2023-38646 POC详情
36 None https://github.com/acesoyeo/METABASE-RCE-CVE-2023-38646- POC详情
37 Exploit for the Remote Code Execution (RCE) vulnerability identified in Metabase versions before 0.46.6.1 (open source) and 1.46.6.1 (Enterprise). Authentication is not required for exploitation. https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase POC详情
38 Exploit for CVE-2023-38646, a pre-auth RCE in Metbase https://github.com/xchg-rax-rax/CVE-2023-38646 POC详情
39 This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646. https://github.com/m3m0o/metabase-pre-auth-rce-poc POC详情
40 CVE-2023-38646是Metabase中的一个远程代码执行漏洞。该漏洞源于Metabase在处理未经身份验证的API端点/api/setup/validate时,对JDBC连接字符串的处理存在安全缺陷。攻击者可以通过构造特定的JDBC连接字符串,利用该端点在服务器上执行任意命令,而无需进行身份验证。 https://github.com/XiaomingX/cve-2023-38646-poc POC详情
41 Proof-of-Concept script for exploiting CVE-2023-38646. Intended for educational and research purposes only. https://github.com/JayRyz/CVE-2023-38646-PoC-Metabase POC详情
42 CVE-2023-38646 Metabase 0.46.6 exploit https://github.com/DaniTheHack3r/CVE-2023-38646 POC详情
43 Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-38646.yaml POC详情
44 None https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metabase%20%E6%9C%AA%E6%8E%88%E6%9D%83%20JDBC%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-38646.md POC详情
45 https://github.com/vulhub/vulhub/blob/master/metabase/CVE-2023-38646/README.md POC详情
三、漏洞 CVE-2023-38646 的情报信息