History: Jun 06, 2023 - 6:55 p.m.

CVE-2023-22833 Mandatory control bypass in Lime2

2023-06-06 18:55:06
CWE-304
Palantir
www.cve.org
cve-2023-22833
mandatory control bypass
lime2
palantir foundry
vulnerable
authenticated users
foundry organization
access controls

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score: 7.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 24.2%)

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.lime:lime2",
    "versions": [
      {
        "versionType": "semver",
        "version": "2.519.0",
        "lessThan": "2.532.0",
        "status": "affected"
      }
    ]
  }
]
