Issues notification metadata lacks authorization
CVE-2023-30946

3.5LOW

Key Information:

Vendor: Palantir
Status: Com.palantir.issues:issues
Vendor: CVE Published:; 29 June 2023

What is CVE-2023-30946?

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Affected Version(s)

com.palantir.issues:issues * < 2.497.0

References

https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-8...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
Apr 21, 2023

Palantir

What is CVE-2023-30946?

Affected Version(s)

References

CVSS V3.1

Timeline