6.5

CVE-2024-5166

An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.

Data is provided by the National Vulnerability Database (NVD)
GoogleLooker Version23.18
GoogleLooker Version23.20
GoogleLooker Version24.0
GoogleLooker Version24.2
GoogleLooker Version24.4
GoogleLooker Version24.6
GoogleLooker Version24.8
GoogleLooker Version24.10
GoogleLooker Version24.12
GoogleLooker Version24.14
GoogleLooker Version24.16
GoogleLooker Version24.18
GoogleLooker Version24.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.208
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
cve-coordination@google.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.