CVE-2024-55951 MEDIUM

CVE-2024-55951: Metabase sandboxed users could see filter values from other sandboxed users

Vendor Metabase

Product metabase

Weakness CWE-200 · Info exposure

Published December 16, 2024

Last update December 17, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.

Key dates

02Disclosure timeline

December 16, 2024 CVE published

December 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-55951 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-55951: Metabase sandboxed users could see filter values from other sandboxed users

01Description

02Disclosure timeline

03References

04Related CVE