API Security Blog

Metabase RCE (CVE-2023-38646)

The version of Metabase installed on the remote host is 0.46.x prior to 0.46.6.1, 0.45.x prior to 0.45.4.1, 1.45.x prior to 1.45.4.1, 0.44.x prior to 0.44.7.1, 1.44.x prior to 1.44.7.1, 0.43.x prior to 0.43.7.2, or 1.43.x prior to 1.43.7.2. It is, therefore, affected by a command execution vulnerability that is triggered when an attacker sends a specially crafted payload to the api/setup/validate endpoint. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
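
The same version-only check can be run over an asset inventory. The following is an added example, not code from Nessus or Metabase: the fixed releases are the ones listed above, while the function names, host names and sample inventory are constructed for illustration. Like the plugin, it trusts the self-reported version string and does not probe the endpoint.

```python
import re

# Fixed release per branch, exactly as listed in the advisory text above.
FIXED = {
    (0, 46): (0, 46, 6, 1),
    (0, 45): (0, 45, 4, 1),
    (1, 45): (1, 45, 4, 1),
    (0, 44): (0, 44, 7, 1),
    (1, 44): (1, 44, 7, 1),
    (0, 43): (0, 43, 7, 2),
    (1, 43): (1, 43, 7, 2),
}

def parse_version(text):
    """Parse 'v0.46.6' or '0.46.6.1' into a 4-tuple, padding with zeros."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){1,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for a self-reported version."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch is absent from the advisory text: this is not proof of safety,
        # so it is reported separately for manual review.
        return "not-listed"
    return "affected" if version < fixed else "fixed"

def triage(inventory):
    """Map host -> verdict for a {host: version_string} inventory."""
    verdicts = {}
    for host, reported in inventory.items():
        try:
            verdicts[host] = classify(reported)
        except ValueError:
            verdicts[host] = "unparseable"
    return verdicts

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "bi-01.example.internal": "v0.46.6",
        "bi-02.example.internal": "v1.43.7.2",
        "bi-03.example.internal": "v0.47.0",
        "bi-04.example.internal": "unknown",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Hosts reported as not-listed or unparseable need a manual check against the vendor advisory, since the list above covers only the branches it names.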
