CVE-2023-30948
CVSS V2 None
CVSS V3 None
Description
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a previously discovered attachment UUID into other arbitrary comments to discover its content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Overview
- CVE ID: CVE-2023-30948
- Assigner: Palantir
- Vulnerability Status: PUBLISHED
- Published Version: 2023-06-06T14:12:59.240Z
- Last Modified Date: 2023-06-06T14:12:59.240Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-30948 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30948 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 17:29:07 | | | | Added to TrackCVE |