CVE-2023-23628
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-23628
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23628.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-23628
- Related
- Published
- 2023-01-28T02:15:07Z
- Modified
- 2025-07-29T10:49:58.724453Z
- Severity
-
- 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds.
- References
Affected packages
Git / github.com/metabase/metabase
Affected ranges
- Type
- GIT
- Repo
- https://github.com/metabase/metabase
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.3
0.34.0-rc1
Other
blah
v20150601-alpha
v20150603-alpha
v20150604-alpha
prettier-1.*
prettier-1.17.0-package
release-0.*
release-0.32.2
v0.*
v0.10.0
v0.10.3
v0.10.4
v0.10.4.1
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.12.0-test
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.21.0
v0.21.0-rc2
v0.21.0-rc3
v0.21.1
v0.22.0
v0.22.1
v0.23.0
v0.23.0.RC2
v0.23.0.RC3
v0.23.0.RC4
v0.23.1
v0.24.0
v0.24.0.RC1
v0.24.0.RC2
v0.24.0.RC3
v0.24.0.RC4
v0.24.1
v0.24.2
v0.25.0
v0.25.0.RC1
v0.25.0.RC2
v0.26.0
v0.26.0.RC1
v0.26.0.RC2
v0.26.1
v0.28.0
v0.28.0-RC
v0.28.0-RC2
v0.28.0-RC3
v0.28.0.RC1
v0.28.1
v0.29.0
v0.29.0-RC1
v0.29.1
v0.29.2
v0.29.3
v0.30.0
v0.30.0-rc
v0.30.1
v0.30.2
v0.30.3
v0.30.4
v0.31.0
v0.31.0-RC1
v0.31.1
v0.31.2
v0.32.0
v0.32.0-RC1
v0.32.0-RC2
v0.32.1
v0.32.2
v0.32.3
v0.32.4
v0.32.5
v0.32.6
v0.32.7
v0.32.8
v0.33.0
v0.33.0-RC1
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.5
v0.33.5.1
v0.33.6
v0.33.7
v0.33.7.1
v0.33.7.2
v0.33.7.3
v0.34.0
v0.34.1
v0.34.1-rc-test
v0.34.2
v0.34.3
v0.35.0
v0.35.0-rc1
v0.35.0-rc2
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.36.0
v0.36.0-rc1
v0.36.0-snapshot
v0.36.1
v0.36.2
v0.36.3
v0.36.4
v0.36.5
v0.36.5.1
v0.36.6
v0.36.7
v0.36.8
v0.36.8.1
v0.37.0
v0.37.0-rc2
v0.37.0.1
v0.37.0.2
v0.37.1
v0.37.2
v0.37.3
v0.37.4
v0.37.5
v0.37.6
v0.37.7
v0.37.8
v0.38.0
v0.38.0-preview
v0.38.0-rc1
v0.38.0-rc2
v0.38.0-rc3
v0.38.0-rc4
v0.38.0-rc5
v0.38.0.1
v0.38.1
v0.38.2
v0.38.3
v0.38.4
v0.39.0
v0.39.0-rc1
v0.39.0-rc2
v0.39.0.1
v0.39.1
v0.39.2
v0.39.3
v0.39.4
v0.40.0
v0.40.0-rc1-dan
v0.40.0-rc2
v0.41.0-RC1
v0.42.0-preview1
v0.43.0
v0.43.0-rc1
v0.43.0-rc2
v0.43.1
v0.43.2
v0.43.3
v0.43.4
v0.43.4.1
v0.43.4.2
v0.43.5
v0.43.6
v0.43.7
v0.9-final
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.37.0.2
v1.37.1
v1.37.1.1
v1.37.1.2
v1.37.2
v1.37.3
v1.37.4
v1.37.5
v1.37.6
v1.37.7
v1.37.8
v1.38.0
v1.38.0.1
v1.38.1
v1.38.1-migration
v1.38.2
v1.38.3
v1.38.4
v1.39.0
v1.39.0.1
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.40.0
v1.40.0-rc2
v1.41.0-RC1
v1.42.0-preview1
v1.42.0-rc2
v1.43.0
v1.43.0-rc1
v1.43.0-rc2
v1.43.1
v1.43.2
v1.43.3
v1.43.4
v1.43.4.1
v1.43.4.2
v1.43.5
v1.43.6
v1.43.7