Metabase open source before 0.46.6.1 and Metabase...
Critical severity
Unreviewed
Published
Jul 21, 2023
to the GitHub Advisory Database
•
Updated Feb 15, 2024
Description
Published by the National Vulnerability Database
Jul 21, 2023
Published to the GitHub Advisory Database
Jul 21, 2023
Last updated
Feb 15, 2024
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
References