CVE-2023-22833

Опубликовано: 06 июн. 2023

Источник: nvd

CVSS3: 7.6

CVSS3: 6.5

EPSS Низкий

Описание

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

Ссылки

https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae
Vendor Advisory
https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:palantir:foundry:*:*:*:*:*:*:*:*

Версия от 2.519.0 (включая) до 2.531.0 (включая)

EPSS

Процентиль: 16%

0.0005

Низкий

7.6 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-304

CWE-863

Связанные уязвимости

GHSA-rp5m-xq4p-5f64

CVSS3: 7.6

github

больше 2 лет назад

Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.

EPSS

Процентиль: 16%

0.0005

Низкий

7.6 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-304

CWE-863