CVE-2023-30946

Issues notification metadata lacks authorization

CVSS 3.5 LOWEPSS 0.3%CWE-288 CWE-420

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 jun 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

Palantir · com.palantir.issues:issues

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3