Intrusion PreventionMetabase.Setup.Token.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Metabase open source.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. An unauthenicated remote attacker can exploit this to execute arbitrary code via a crafted request on the target server.
Affected Products
Metabase version 0.43.7.1 and prior
Metabase version 0.44.0 to version 0.44.7.0
Metabase version 0.45.0 to version 0.45.4.0
Metabase version 0.46.0 to version 0.46.6.0
Metabase version 1.43.7.1 and piror
Metabase version 1.44.0 to version 1.44.7.0
Metabase version 1.45.0 to version 1.45.4.0
Metabase version 1.46.0 to version 1.46.6.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.metabase.com/blog/security-advisory
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-03-25 | 27.754 | Sig Added |
| 2023-09-28 | 25.646 | Default_action:pass:drop |
| 2023-09-13 | 25.637 |
| ID | 53542 |
| Created | Aug 28, 2023 |
| Updated | Mar 25, 2024 |
| Risk |
|
| CVE ID | CVE-2023-38646 CVE-2023-37470 |
| Exploit Prediction Score | 91.3% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |