3 matches found
CVE-2023-30948 Retrieval of Attachments to Comments lacks Authorization
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's conten...
CVE-2023-30948
Foundry Comments contains a vulnerability where attachments to comments were not gated by authorization checks, allowing an authenticated user to inject a known attachment UUID into other comments to view its content. Affected products: Foundry Comments versions prior to 2.249.0. Root cause: miss...
CVE-2023-30948 Retrieval of Attachments to Comments lacks Authorization
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's conten...