CVE-2023-22836 In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

🗓️ 29 Jan 2024 18:50:37Reported by PalantirType

Foundry's Linter service exposes renamed values to multi-tenant users

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-22836	29 Jan 202420:26	–	circl
CNNVD	Palantir Foundry Security Breach	29 Jan 202400:00	–	cnnvd
CVE	CVE-2023-22836	29 Jan 202418:50	–	cve
EUVD	EUVD-2023-26947	3 Oct 202520:07	–	euvd
NVD	CVE-2023-22836	29 Jan 202419:15	–	nvd
OSV	CVE-2023-22836	29 Jan 202419:15	–	osv
Prion	Design/Logic Flaw	29 Jan 202419:15	–	prion
Positive Technologies	PT-2024-11979 · Foundry · Foundry'S Linter Service	29 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-22836	23 May 202504:44	–	redhatcve
Vulnrichment	CVE-2023-22836 In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.	29 Jan 202418:50	–	vulnrichment

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.skywise:guardian",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "2.278.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
palantir	www.palantir.safebase.us/

29 Jan 2024 18:50Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.13.5

EPSS0.00259

CWE-862