Learning more about Metabase Pre-auth RCE (CVE-2023-38646)
Introduction
In the realm of cybersecurity, Common Vulnerabilities and Exposures (CVE) play a pivotal role in identifying and addressing potential threats. The practice of publicly disclosing vulnerabilities has become a standard procedure, regardless of whether they pertain to hardware or software. The severity of each CVE is gauged by the Common Vulnerability Scoring System (CVSS) score, providing a standardized way to assess and prioritize security weaknesses.
Understanding Metabase Pre-Auth RCE
CVE-2023-38646 describes a remote code execution vulnerability in affected versions of Metabase. Metabase, an open-source program, lets users build visual representations of data drawn from various databases. The flaw affects all versions of the open-source edition released before 0.46.6.1 and all versions of the enterprise edition released before 1.46.6.1.
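As an added example (not code from the original article or from the Metabase project), the check a defender can run against a Metabase version tag to see whether it predates the two fix releases stated above. The tag format (an optional leading "v" and two to four dot-separated numbers) and the split of open-source builds into the 0.x line and enterprise builds into the 1.x line are assumptions inferred from those thresholds.

```python
"""Decide whether a Metabase build falls in the range affected by CVE-2023-38646."""
from typing import Tuple

# Thresholds stated in the advisory: OSS fixed in 0.46.6.1, Enterprise in 1.46.6.1.
# Assumption: OSS builds carry major version 0, Enterprise builds major version 1.
FIXED_VERSIONS = {
    0: (0, 46, 6, 1),  # open-source line
    1: (1, 46, 6, 1),  # enterprise line
}


def parse_version(tag: str) -> Tuple[int, ...]:
    """Turn a tag like 'v0.46.6' or '1.46.6.1' into a 4-tuple of ints.

    Missing trailing components are treated as 0, so '0.46.6' sorts as
    (0, 46, 6, 0), i.e. before the 0.46.6.1 fix release.
    """
    tag = tag.strip()
    if tag.startswith(("v", "V")):
        tag = tag[1:]
    parts = tag.split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Metabase version tag: {tag!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_vulnerable(tag: str) -> bool:
    """True if the build predates the fix for its product line (OSS or Enterprise)."""
    version = parse_version(tag)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        raise ValueError(f"unknown Metabase product line (major version {version[0]})")
    # Tuple comparison is lexicographic, so 0.46.6.0 < 0.46.6.1 < 0.47.0.0.
    return version < fixed


if __name__ == "__main__":
    # Constructed sample tags, not values taken from a real deployment.
    for sample in ("v0.46.6", "v0.46.6.1", "v1.46.6", "v1.46.6.1", "v0.45.3", "v0.47.0"):
        print(f"{sample:12} vulnerable={is_vulnerable(sample)}")
```

Metabase also shipped backported fixes for some older release branches; the check above follows only the two thresholds quoted on this page, so treat a "vulnerable" result for an older branch as a prompt to consult the vendor advisory.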
Root Cause Analysis
The vulnerability stems from a lapse in security practice in the Metabase setup flow. A setup token is required during installation, but that token is not cleared once setup completes. This oversight lets a malicious actor retrieve the token, impersonate legitimate users, and issue commands directly through…