CVE-2023-30946

EPSS 0.34%
Veröffentlicht 29.06.2023 19:15:08
Zuletzt bearbeitet 21.11.2024 08:01:08
Quelle cve-coordination@palantir.com
CVE-Watchlists
Login
Unerledigt
Login

Issues notification metadata lacks authorization

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Palantir ≫ Foundry Issues Version < 2.497.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.251

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve-coordination@palantir.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-420 Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-30946

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30946

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30946

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-30946