Lucene search

[email protected]NVD:CVE-2022-27893

HistoryNov 04, 2022 - 4:15 p.m.

CVE-2022-27893

2022-11-0416:15:14

CWE-532

[email protected]

web.nvd.nist.gov

foundry magritte

osisoft-pi-web-connector

authentication logging

vulnerability

resolved

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.

Affected configurations

NVD

Node

osisoft-pi-web-connector_projectosisoft-pi-web-connectorRange0.15.0–0.44.0foundry_magritte

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for NVD:CVE-2022-27893

cve1 prion1 cvelist1