CVE-2024-55951

Metabase sandboxed users could see filter values from other sandboxed users

Description

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.

INFO

Published Date :

2024-12-16T20:03:54.861Z

Last Modified :

2024-12-17T15:17:36.574Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-55951 vulnerability.

Vendors	Products
Metabase	Metabase

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55951.

URL	Resource
https://downloads.metabase.com/v0.52.2.5/metabase.jar
https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3
https://hub.docker.com/r/metabase/metabase/tags

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability