## New module content (1)
### Metabase Setup Token RCE
![Metasploit weekly wrap-up](https://blog.rapid7.com/content/images/2023/08/metasploit-ascii-1-2.png)
Authors: Maxwell Garrett, Shubham Shah, and h00die
**Type:** Exploit
**Pull request:** [#18232]() contributed by [h00die]()
**Path:** `exploits/linux/http/metabase_setup_token_rce`
**AttackerKB reference:** [CVE-2023-38646]()
**Description:** This adds a module for an unauthenticated RCE against Metabase. Metabase versions before 0.46.6.1 contain a bug where an unauthenticated user can retrieve a setup-token. With this, they can query an API endpoint to setup a new database, then inject an H2 connection string RCE.
## Enhanced Modules (1)
Modules which have either been enhanced, or renamed:
* [#18264]() from [zeroSteiner]() – Updates the `exploits/freebsd/http/citrix_formssso_target_rce` module for CVE-2023-3519 to include two new targets, Citrix ADC (NetScaler) 12.1-65.25, and 12.1-64.17. This module now supports automatic targeting based on the `Last-Modified` header of the `logon/fonts/citrix-fonts.css` resource.
## Enhancements and features (6)
* [#18191]() from [jvoisin]() – This adds support for detecting whether a Metasploit session is running in a Podman container and improves detection for sessions running in Docker, LXC, and WLS containers.
* [#18224]() from [rorymckinley]() – This adds the first iteration of specs for SSH Login scanner.
* [#18231]() from [ErikWynter]() – This adds index selection for the modules returned via the favorites (or show favorites) command.
* [#18244]() from [cgranleese-r7]() – Adds tests to ensure the consistency of Metasploit payloads.
* [#18274]() from [wvu]() – Updates CVE-2020-14871 `exploits/solaris/ssh/pam_username_bof` docs.
## Bugs fixed (2)
* [#18220]() from [dwelch-r7]() – Adds additional error handling when loading Metasploit payloads to msfconsole’s startup process to ensure missing payloads do not crash msfconsole.
* [#18260]() from [adfoster-r7]() – This adds a fix to verify the `EC2_ID` module option is validated.
## Documentation
You can find the latest Metasploit documentation on our docsite at [docs.metasploit.com]().
## Get it
As always, you can update to the latest Metasploit Framework with `msfupdate`
and you can get more details on the changes since the last blog post from
GitHub:
* [Pull Requests 6.3.28…6.3.29]()
* [Full diff 6.3.28…6.3.29]()
If you are a `git` user, you can clone the [Metasploit Framework repo]() (master branch) for the latest.
To install fresh without using git, you can use the open-source-only [Nightly Installers]() or the
[binary installers]() (which also include the commercial edition).Read More