Lucene search

[email protected]CVE-2022-27895

HistoryNov 15, 2022 - 8:15 p.m.

CVE-2022-27895

2022-11-1520:15:10

CWE-532

[email protected]

web.nvd.nist.gov

cve-2022-27895

foundry

information exposure

log files

vulnerability

build2

upgrade

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.

Affected configurations

NVD

Node

palantirfoundry_build2Range<1.785.0

CPENameOperatorVersion
palantir:foundry_build2palantir foundry build2lt1.785.0

CPE	Name	Operator	Version
palantir:foundry_build2	palantir foundry build2	lt	1.785.0

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Foundry Build2",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.785.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2022-27895

cvelist1 prion1 nvd1