Lucene search

PalantirCVELIST:CVE-2022-27895

HistoryNov 14, 2022 - 12:00 a.m.

CVE-2022-27895 A component in Foundry logging was found to be capturing sensitive information in logs.

2022-11-1400:00:00

CWE-532

Palantir

www.cve.org

foundry

logging

sensitive information

log files

build2

vulnerability

upgrade

cve-2022-27895

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Foundry Build2",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.785.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for CVELIST:CVE-2022-27895