Lucene search

PalantirCVELIST:CVE-2022-27893

HistoryNov 04, 2022 - 12:00 a.m.

CVE-2022-27893 The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.

2022-11-0400:00:00

CWE-532

Palantir

www.cve.org

foundry magritte

osisoft-pi-web-connector

vulnerability

authentication

logging

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Foundry Magritte plugin osisoft-pi-web-connector",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.43.0",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "next of 0.15.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2022-27893