Lucene search

PalantirCVELIST:CVE-2023-30958

HistoryAug 03, 2023 - 9:09 p.m.

CVE-2023-30958 DOM XSS in Developer mode dashboard via redirect GET parameter

2023-08-0321:09:10

CWE-83

Palantir

www.cve.org

dom xss

foundry frontend

developer mode

dashboard

security defect

resolved

cve-2023-30958

redirect get parameter

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed.

This defect was resolved with the release of Foundry Frontend 6.225.0.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.foundry:foundry-frontend",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "6.225.0",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-30958