Description
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.
Scores
CVSS v3: 6.5
EPSS: 0.0007
EPSS Percentile: 20.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-639
Status: published
Products (13)
google/looker: 23.18, 23.20, 24.0, 24.2, 24.4, 24.6, 24.8, 24.10, 24.12, 24.14
... and 3 more
Published: May 22, 2024
Tracked Since: Feb 18, 2026