IDOR in Foundry Comments allows retrieval of attachments
CVE-2023-30956

5.3MEDIUM

Key Information:

Vendor: Palantir
Status: Com.palantir.comments:comments
Vendor: CVE Published:; 10 July 2023

What is CVE-2023-30956?

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

Affected Version(s)

com.palantir.comments:comments * < 2.267.0

References

https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Apr 21, 2023

Palantir

What is CVE-2023-30956?

Affected Version(s)

References

CVSS V3.1

Timeline