Metabase

Metabase Remote Code Execution Vulnerability (CVS 2023-37470)

August 3, 2023

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-37470). Due to a flaw in the vulnerability fix for CVS 2023 38646, attackers can achieve remote code execution through H2 connection string injection. Affected users should take protective measures as soon as possible. Reference link: https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83 Scope of Impact Affected version Open […]

Metabase Remote Code Execution Vulnerability (CVS 2023-38646) Notification

August 1, 2023

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Metabase (CVE-2023-38646). Unauthenticated attackers can successfully exploit this vulnerability to execute arbitrary commands with Metabase server privileges on the target server. Affected users should take protective measures as soon as possible. Reference link: https://www.metabase.com/blog/security-advisory Scope of Impact Affected version Open source version: Enterprise version: […]

Search

Subscribe to the NSFOCUS Blog