CVE-2024-8912

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+
CVSS

No CVSS.

Configurations

No configuration.

History

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de contrabando de solicitudes HTTP en Looker permitió que un atacante no autorizado capturara respuestas HTTP destinadas a usuarios legítimos. Hay dos versiones de Looker alojadas por Looker: * Se descubrió que Looker (núcleo de Google Cloud) era vulnerable. Este problema ya se ha mitigado y nuestra investigación no ha encontrado signos de explotación. * Looker (original) no era vulnerable a este problema. Se descubrió que las instancias de Looker alojadas por el cliente eran vulnerables y deben actualizarse. Esta vulnerabilidad se ha corregido en todas las versiones compatibles de Looker alojadas por el cliente, que están disponibles en la página de descarga de Looker https://download.looker.com/ . Para las instancias de Looker alojadas por el cliente, actualice a la última versión compatible de Looker lo antes posible. Las versiones a continuación se han actualizado para proteger contra esta vulnerabilidad. Puede descargar estas versiones en la página de descarga de Looker: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+

11 Oct 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 19:15

Updated : 2024-10-15 12:57


NVD link : CVE-2024-8912

Mitre link : CVE-2024-8912

CVE.ORG link : CVE-2024-8912


JSON object : View

Products Affected

No product.

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')