Lucene search

PalantirCVELIST:CVE-2023-30960

HistoryJul 10, 2023 - 9:05 p.m.

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

2023-07-1021:05:23

CWE-639

Palantir

www.cve.org

cve-2023-30960

foundry job-tracker

insecure direct object reference

idor

metadata

security defect

fixed

release

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.foundry.jobtracker:job-tracker",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "4.645.0",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2023-30960