Gotham Video Broken Authentication
CVE-2023-30954

2.7LOW

Key Information:

Vendor: Palantir
Status: Com.palantir.video:video-application-server
Vendor: CVE Published:; 15 November 2023

What is CVE-2023-30954?

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.

Affected Version(s)

com.palantir.video:video-application-server * < 2.206.1

References

https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Apr 21, 2023

Palantir

What is CVE-2023-30954?

Affected Version(s)

References

CVSS V3.1

Timeline