Lucene search
GoogleVULNRICHMENT:CVE-2024-5166HistoryMay 22, 2024 - 4:11 p.m.
CVE-2024-5166 Insecure Direct Object Reference In Looker
2024-05-2216:11:55
CWE-639
Google
github.com
cve-2024-5166
insecure direct object reference
google cloud's looker
metadata exposure
authenticated users
lookml model
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
An Insecure Direct Object Reference in Google Cloud’s Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Looker",
"vendor": "Google Cloud",
"versions": [
{
"status": "affected",
"version": "23.18"
},
{
"status": "affected",
"version": "23.20"
},
{
"status": "affected",
"version": "24.0"
},
{
"status": "affected",
"version": "24.2"
},
{
"status": "affected",
"version": "24.4"
},
{
"status": "affected",
"version": "24.6"
},
{
"status": "affected",
"version": "24.8"
},
{
"status": "affected",
"version": "24.10"
},
{
"status": "affected",
"version": "24.12"
},
{
"status": "affected",
"version": "24.14"
},
{
"status": "affected",
"version": "24.16"
},
{
"status": "affected",
"version": "24.18"
},
{
"status": "affected",
"version": "24.20"
}
]
}
]Related
cvelist
cvelist
CVE-2024-5166 Insecure Direct Object Reference In Looker
2024-05-22 16:11:55
nvd
nvd
CVE-2024-5166
2024-05-22 17:16:15
cve
cve
CVE-2024-5166
2024-05-22 17:16:15
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-5166