exploitDog

CVE-2023-30956

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

Ссылки

https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a
Vendor Advisory
https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:palantir:foundry_comments:*:*:*:*:*:*:*:*

Версия до 2.267.0 (исключая)

EPSS

Процентиль: 43%

0.00202

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-639

NVD-CWE-noinfo

Связанные уязвимости

GHSA-23xf-gc3r-v6rr

CVSS3: 5.3

github

около 2 лет назад

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

EPSS

Процентиль: 43%

0.00202

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-639

NVD-CWE-noinfo