14 matches found
EUVD-2023-35294
Malicious code in bioql PyPI...
EUVD-2023-35286
Malicious code in bioql PyPI...
CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
CVE-2023-30948
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's conten...
CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
Code injection
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
CVE-2023-30956 IDOR in Foundry Comments allows retrieval of attachments
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
CVE-2023-30956 IDOR in Foundry Comments allows retrieval of attachments
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0...
CVE-2023-30956
The CVE-2023-30956 entry concerns Palantir Foundry Comments where an issue allowed a user to retrieve the contents of an attachment submitted to another comment by knowing the target attachment’s internal UUID. The root cause is an insecure IDOR-like access path that exposes attachment contents. ...
PT-2023-23085 · Unknown · Foundry Comments
Name of the Vulnerable Software and Affected Versions: Foundry Comments versions prior to 2.267.0 Description: A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the targ...
CVE-2023-30948
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's conten...
CVE-2023-30948 Retrieval of Attachments to Comments lacks Authorization
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's conten...
PT-2023-23078 · Foundry · Foundry Comments
Name of the Vulnerable Software and Affected Versions: Foundry Comments versions prior to 2.249.0 Description: A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an...