Lucene search

PalantirCVELIST:CVE-2023-30962

HistorySep 12, 2023 - 6:29 p.m.

CVE-2023-30962 Stored XSS in cerberus attachments

2023-09-1218:29:42

CWE-434

Palantir

www.cve.org

cve-2023-30962

stored xss

cerberus attachments

security vulnerability

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

21.7%

JSON

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.acme.cerberus:cerberus",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "100.230704.0-27-g031dd58",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for CVELIST:CVE-2023-30962