Issues notification metadata lacks authorization
CVE-2023-30946

3.5LOW

Key Information:

Vendor: Palantir
Status: Com.palantir.issues:issues
Vendor: CVE Published:; 29 June 2023

What is CVE-2023-30946?

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

com.palantir.issues:issues * < 2.497.0

References

https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-8...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
Apr 21, 2023

JSON

Palantir