Metabase Pre-auth CVE-2023-38646 RCE Exploit

Metabase Pre-auth CVE-2023-38646 RCE Exploit

vPython by Prapattimynk

The vulnerability existed in the /api/setup/validate API endpoint, which served as a crucial part of Metabase’s initial setup process. During application setup, this endpoint was responsible for check

Android Android 5.0Exploits And POCs
( 587 ratings )
Price: $0
File
Publisher Prapattimynk
Genre Exploits And POCs
File Type Python
Os All
Mod Version Python
Report Report
is the most famous version in the series of publisher
Download

The vulnerability existed in the /api/setup/validate API endpoint, which served as a crucial part of Metabase’s initial setup process. During application setup, this endpoint was responsible for checking the database connection. However, attackers could exploit a flaw in the JDBC connection handling, leading to remote code execution (RCE) with pre-authentication. This meant that attackers could execute malicious commands on the server with elevated privileges, gaining full control over the application environment. With this level of access, an attacker could potentially steal sensitive data, manipulate the application, or even gain control of the entire server infrastructure.



Recommended for You

You may also like

Comments

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.