6.5

CVE-2024-5166

Insecure Direct Object Reference In Looker

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleLooker Version23.18
GoogleLooker Version23.20
GoogleLooker Version24.0
GoogleLooker Version24.2
GoogleLooker Version24.4
GoogleLooker Version24.6
GoogleLooker Version24.8
GoogleLooker Version24.10
GoogleLooker Version24.12
GoogleLooker Version24.14
GoogleLooker Version24.16
GoogleLooker Version24.18
GoogleLooker Version24.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.207
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve-coordination@google.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.