Описание
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
Уязвимые конфигурации
Конфигурация 1Версия до 9.642.0 (исключая)
cpe:2.3:a:palantir:contour:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
2.7 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-425
CWE-862
Связанные уязвимости
CVSS3: 2.7
github
больше 2 лет назад
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
EPSS
Процентиль: 12%
0.0004
Низкий
2.7 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-425
CWE-862