CVE-2023-38646
CRITICAL EXPLOITED IN THE WILD NUCLEIMetabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Title source: llmExploitation Summary
CVE-2023-38646 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
EIP tracks 41 public exploits from researchers including Boogipop, robotmikhro, securezeron, including a Metasploit module exploits/linux/http/metabase_setup_token_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary This repository contains a functional GUI-based exploit tool for CVE-2023-38646, targeting Metabase. It includes modules for detecting unauthenticated tokens, executing commands, and injecting memory shells (e.g., Godzilla).
Description
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
Exploits (41)
This repository contains a functional GUI-based exploit tool for CVE-2023-38646, targeting Metabase. It includes modules for detecting unauthenticated tokens, executing commands, and injecting memory shells (e.g., Godzilla).
This repository contains functional exploit code for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via Java Runtime exec().
This repository contains functional exploit code for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The PoC includes a scanner to detect leaking setup tokens and a reverse shell exploit leveraging H2 database trigger injection.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages the H2 database driver to execute arbitrary commands via a crafted payload sent to the `/api/setup/validate` endpoint.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The PoC leverages H2 database JDBC URL injection to execute arbitrary commands via a crafted payload sent to the `/api/setup/validate` endpoint.
This repository contains a functional Python exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious JDBC connection string to execute arbitrary commands via Java runtime execution.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution (RCE) vulnerability in Metabase. The exploit leverages the H2 database driver to execute arbitrary commands via a crafted payload sent to the `/api/setup/validate` endpoint.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via a crafted payload.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via a reverse shell.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase servers. The exploit leverages a command injection vulnerability via crafted database connection strings to achieve remote code execution (RCE).
This repository contains a functional Python-based exploit for CVE-2023-38646, targeting Metabase. The exploit automates session token retrieval and crafts a malicious payload to achieve remote command execution via a reverse shell.
This repository contains a functional Python exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via a JavaScript trigger in the H2 database engine.
This repository contains a functional Python exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase via SQL injection. The exploit retrieves a setup token and crafts a malicious payload to achieve RCE.
The repository contains a Python script that checks for the presence of CVE-2023-38646 in Metabase by sending crafted HTTP requests to validate the vulnerability. It does not exploit the vulnerability but detects it by analyzing responses.
This repository contains a functional Python exploit for CVE-2023-38646, targeting Metabase versions before 0.46.6.1 (open source) and 1.46.6.1 (Enterprise). The exploit leverages a pre-authentication RCE vulnerability by crafting a malicious payload to execute arbitrary commands or establish a reverse shell.
This repository provides a functional exploit for CVE-2023-38646, a pre-auth RCE in Metabase, by leveraging a crafted H2 database connection string to execute arbitrary shell commands via JavaScript injection in a trigger. It extends the original exploit to avoid 'database already in use' errors by using PostgreSQL as the engine while still targeting H2.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via a crafted H2 database trigger.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase's setup validation endpoint to achieve remote code execution (RCE) via a crafted payload in the setup token. The exploit leverages a base64-encoded reverse shell payload and manipulates the database connection string to execute arbitrary commands.
This PoC exploits CVE-2023-38646 by sending a crafted POST request to the target URL with a malicious payload that leverages H2 database JDBC URL injection to execute arbitrary commands. The payload uses a collaborator URL to exfiltrate data, confirming successful exploitation.
The repository contains a functional Python exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit fetches a setup token and sends a crafted payload to execute a reverse shell via JavaScript injection in the H2 database configuration.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase's authentication bypass and RCE via malicious H2 database connection strings. The exploit automates account creation, login, and payload delivery to achieve remote code execution.
This repository contains functional exploit code for CVE-2023-38646, targeting Metabase. It includes a scanner to retrieve setup tokens and a reverse shell payload that leverages the vulnerability to achieve remote code execution via a crafted database connection string.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a malicious JDBC connection string to execute arbitrary commands via a JavaScript trigger in the H2 database engine.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious JDBC connection string to execute arbitrary commands via a reverse shell payload.
This repository contains a functional exploit for CVE-2023-38646, leveraging a local privilege escalation (LPE) technique via overlayfs and capability manipulation to gain root access. The exploit uses `unshare`, `setcap`, and `overlayfs` to escalate privileges and spawn a root shell.
This repository contains a functional Rust-based PoC for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a setup token from /api/session/properties to send a base64-encoded payload via the /api/setup/validate endpoint, executing arbitrary commands through a malicious H2 database trigger.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages an exposed setup token to inject a malicious payload via the API, resulting in arbitrary command execution on the target system.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase applications. The exploit leverages a vulnerability in the setup validation endpoint to achieve remote code execution via a crafted payload embedded in a database connection string.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious JDBC connection string to execute arbitrary commands via a reverse shell payload.
This repository contains a functional Python exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a malicious JDBC connection string to execute arbitrary commands via a reverse shell payload.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages the setup token endpoint to inject a malicious JDBC connection string, triggering arbitrary command execution via a reverse shell.
This repository contains functional exploit code for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages the exposed setup token to execute arbitrary commands via a crafted payload in the setup validation endpoint.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The exploit leverages a malicious database connection string to execute arbitrary commands via a reverse shell.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase 0.46.6. The exploit leverages a mishandled database connection string to achieve remote code execution by injecting a malicious trigger via a crafted payload.
This PoC exploits CVE-2023-38646 in Metabase by leveraging an H2 database trigger to achieve remote code execution (RCE). It retrieves a setup token, crafts a malicious payload with a JavaScript trigger, and sends it to the Metabase API to execute arbitrary commands.
This repository contains functional exploit code for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages a setup token leak and SQL injection to execute arbitrary commands via a reverse shell payload.
This repository contains a functional exploit for CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase. The exploit leverages the setup token endpoint to inject a malicious JDBC connection string, triggering arbitrary command execution via a reverse shell.
This repository contains a functional Go-based exploit for CVE-2023-38646, targeting Metabase. The exploit leverages a setup token to execute a reverse shell via a crafted database connection string, exploiting a vulnerability in the setup validation endpoint.
This repository contains a functional exploit for CVE-2023-38646, targeting Metabase's pre-authentication RCE vulnerability via a crafted setup token and malicious database connection string. The exploit leverages JavaScript injection in an H2 database trigger to execute a reverse shell.
The repository contains a functional exploit for CVE-2023-38646, targeting Apache Solr's arbitrary file read vulnerability. The script includes methods to check for vulnerability, enable remote streaming, and execute commands to read arbitrary files.
This Metasploit module exploits CVE-2023-38646 in Metabase versions before 0.46.6.1 by leveraging an exposed setup token to execute arbitrary commands via a malicious H2 database connection string with a JavaScript trigger.
Nuclei Templates (1)
http.title:"Metabase" || http.title:"metabase"
app="Metabase" || title="metabase" || app="metabase"
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H