Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.
History

Tue, 17 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Description Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.
Title Metabase sandboxed users could see filter values from other sandboxed users
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-16T20:03:54.861Z

Updated: 2024-12-17T15:17:36.574Z

Reserved: 2024-12-13T17:47:38.371Z

Link: CVE-2024-55951

cve-icon Vulnrichment

Updated: 2024-12-17T15:17:32.502Z

cve-icon NVD

Status : Received

Published: 2024-12-16T20:15:13.823

Modified: 2024-12-16T20:15:13.823

Link: CVE-2024-55951

cve-icon Redhat

No data.