CVE-2023-23628

CVSS v3 Score: 4.1 (Medium)

Vulnerability Description

Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandboxed user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds.

CVSS:4.1(Medium)

The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ...

CVSS:4.1(Medium)

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 ...

CVSS:4.1(Medium)

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

CVSS:4.1(Medium)

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confid...

CVSS:4.1(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2....

CVSS:4.1(Medium)

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It ...