An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
CVSS
No CVSS.
References
Configurations
Configuration 1 (hide)
|
History
22 Jul 2025, 20:49
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Google
Google looker |
|
| CWE | CWE-639 | |
| References | () https://cloud.google.com/looker/docs/best-practices/query-id-update-instructions - Product | |
| CPE | cpe:2.3:a:google:looker:23.18:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.6:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.14:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.18:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.2:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.16:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.8:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.12:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.20:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.4:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.0:*:*:*:*:*:*:* cpe:2.3:a:google:looker:24.10:*:*:*:*:*:*:* cpe:2.3:a:google:looker:23.20:*:*:*:*:*:*:* |
22 May 2024, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-22 17:16
Updated : 2025-07-22 20:49
NVD link : CVE-2024-5166
Mitre link : CVE-2024-5166
JSON object : View
Products Affected
- looker
CWE
CWE-639
Authorization Bypass Through User-Controlled Key