2 matches found
CVE-2023-30946
Foundry Issues had an authorization flaw where a user who could not view a resource could query Foundry’s Notification API and retrieve issue metadata (RID, severity, author UUID, and title). Affected are Foundry Issues prior to version 2.497.0; remediation is to upgrade to a fixed release (2.497...
CVE-2023-30946 Issues notification metadata lacks authorization
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UU...