Data Exposure Flaw in Metabase Open-Source Analytics Platform
CVE-2024-55951

Currently unrated

Key Information:

Vendor: Metabase
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-55951?

CVE-2024-55951 identifies a significant data exposure vulnerability within the Metabase open-source data analytics platform. The issue affects sandbox configurations introduced in versions 1.52.0 to 1.52.2.4, allowing sandboxed users to inadvertently access field filter values that belong to other sandboxed users. This defect presents considerable security risks, as sensitive information may be disclosed between users. The vulnerability is addressed in version 1.52.2.5; therefore, it is critical for users operating on affected versions to upgrade immediately to mitigate the risk. No alternatives or workarounds exist aside from upgrading to the patched version.

References

https://downloads.metabase.com/v0.52.2.5/metabase.jar

https://github.com/metabase/metabase/security/advisories/...

https://hub.docker.com/r/metabase/metabase/tags

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024