Home > Vulnerability Database > CVE-2024-55951

Mend.io Vulnerability Database

CVE-2024-55951

Date: December 16, 2024

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.

Language: Clojure

Severity Score

4.1

Related Resources (5)

Url: https://hub.docker.com/r/metabase/metabase/tags

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55951

Url: https://downloads.metabase.com/v0.52.2.5/metabase.jar

Url: https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3

Url: https://www.mend.io/vulnerability-database/CVE-2024-55951

Severity Score

4.1

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55951

Date: December 16, 2024

Language: Clojure

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?