Lucene search

[email protected]CVE-2023-30960

HistoryJul 10, 2023 - 10:15 p.m.

CVE-2023-30960

2023-07-1022:15:09

CWE-639

CWE-668

[email protected]

web.nvd.nist.gov

cve-2023-30960

foundry

job-tracker

security defect

unauthorized access

metadata

version 4.645.0

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Affected configurations

NVD

Node

palantirfoundry_job-trackerRange<4.645.0

CPENameOperatorVersion
palantir:foundry_job-trackerpalantir foundry job-trackerlt4.645.0

CPE	Name	Operator	Version
palantir:foundry_job-tracker	palantir foundry job-tracker	lt	4.645.0

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.foundry.jobtracker:job-tracker",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "4.645.0",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-30960

nvd1 prion1 cvelist1