Metabase Sandbox Configuration Vulnerability
CVE-2024-55951 Published on December 16, 2024
Metabase sandboxed users could see filter values from other sandboxed users
Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 through 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2024-55951 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2024-55951
Affected Versions
metabase Version >= 1.52.0, < 1.52.2.5 is affected by CVE-2024-55951
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.