PalantirCVELIST:CVE-2022-27889CVE-2022-27889 The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.1%
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CNA Affected
[
{
"product": "Foundry Multipass",
"vendor": "Palantir",
"versions": [
{
"lessThan": "3.647.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.1%