CVE-2023-30952

EPSS 0.37%
Veröffentlicht 03.08.2023 22:15:12
Zuletzt bearbeitet 21.11.2024 08:01:08
Quelle cve-coordination@palantir.com
CVE-Watchlists
Login
Unerledigt
Login

Foundry Issues reporterPath phishing by parameter injection

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Palantir ≫ Foundry Version < 6.228.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cve-coordination@palantir.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-30952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30952

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-30952