Lucene search
PalantirCVE-2023-30962HistorySep 12, 2023 - 7:15 p.m.
CVE-2023-30962
2023-09-1219:15:36
CWE-434
CWE-79
Palantir
web.nvd.nist.gov
9
cve-2023-30962
nvd
security
vulnerability
xss
cerberus
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
21.7%
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
Affected configurations
Node
palantirgotham_cerberusRange<100.230704.0-27-g031dd58
| Vendor | Product | Version | CPE |
|---|---|---|---|
| palantir | gotham_cerberus | * | cpe:2.3:a:palantir:gotham_cerberus:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Palantir",
"product": "com.palantir.acme.cerberus:cerberus",
"versions": [
{
"version": "*",
"versionType": "semver",
"lessThan": "100.230704.0-27-g031dd58",
"status": "affected"
}
]
}
]Related
prion
prion
Cross site scripting
2023-09-12 19:15:00
nvd
nvd
CVE-2023-30962
2023-09-12 19:15:36
vulnrichment
vulnrichment
CVE-2023-30962 Stored XSS in cerberus attachments
2023-09-12 18:29:42
cvelist
cvelist
CVE-2023-30962 Stored XSS in cerberus attachments
2023-09-12 18:29:42
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
EPSS
0.001
Percentile
21.7%
Related for CVE-2023-30962