Lucene search

K
cve[email protected]CVE-2024-5166
HistoryMay 22, 2024 - 5:16 p.m.

CVE-2024-5166

2024-05-2217:16:15
CWE-639
web.nvd.nist.gov
29
google cloud
looker
insecure direct object reference
metadata exposure
lookml model

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

An Insecure Direct Object Reference in Google Cloud’s Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.

Affected configurations

Vulners
Node
google_cloudlookerRange23.18
OR
google_cloudlookerRange23.20
OR
google_cloudlookerRange24.0
OR
google_cloudlookerRange24.2
OR
google_cloudlookerRange24.4
OR
google_cloudlookerRange24.6
OR
google_cloudlookerRange24.8
OR
google_cloudlookerRange24.10
OR
google_cloudlookerRange24.12
OR
google_cloudlookerRange24.14
OR
google_cloudlookerRange24.16
OR
google_cloudlookerRange24.18
OR
google_cloudlookerRange24.20

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Looker",
    "vendor": "Google Cloud",
    "versions": [
      {
        "status": "affected",
        "version": "23.18"
      },
      {
        "status": "affected",
        "version": "23.20"
      },
      {
        "status": "affected",
        "version": "24.0"
      },
      {
        "status": "affected",
        "version": "24.2"
      },
      {
        "status": "affected",
        "version": "24.4"
      },
      {
        "status": "affected",
        "version": "24.6"
      },
      {
        "status": "affected",
        "version": "24.8"
      },
      {
        "status": "affected",
        "version": "24.10"
      },
      {
        "status": "affected",
        "version": "24.12"
      },
      {
        "status": "affected",
        "version": "24.14"
      },
      {
        "status": "affected",
        "version": "24.16"
      },
      {
        "status": "affected",
        "version": "24.18"
      },
      {
        "status": "affected",
        "version": "24.20"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-5166