CVE-2023-30962

Опубликовано: 12 сент. 2023

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

EPSS Низкий

Описание

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .

Ссылки

https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0
Vendor Advisory
https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:palantir:gotham_cerberus:*:*:*:*:*:*:*:*

Версия до 100.230704.0-27-g031dd58 (исключая)

EPSS

Процентиль: 70%

0.00635

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434

CWE-79

Связанные уязвимости

GHSA-7c9h-q97p-3hvv

CVSS3: 6.8

github

больше 2 лет назад

EPSS

Процентиль: 70%

0.00635

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434

CWE-79