QwikSec

Security Database

CVE

CWE

Training

CVE-2024-55951

Published: Dec 16, 2024

Modified: Dec 17, 2024

PUBLISHED

Description

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.

Vendor	Product	Versions
metabase	metabase	affected `>= 1.52.0, < 1.52.2.5`

Weaknesses (CWE)

References

https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3

x_refsource_CONFIRM

https://downloads.metabase.com/v0.52.2.5/metabase.jar

x_refsource_MISC

https://hub.docker.com/r/metabase/metabase/tags

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.