THREATINT
PUBLISHED

CVE-2023-30956

IDOR in Foundry Comments allows retrieval of attachments



Description

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

Reserved 2023-04-21 | Published 2023-07-10 | Updated 2024-10-23 | Assigner Palantir


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Product status

* before 2.267.0: affected

References

palantir.safebase.us/...40367943-738c-4e69-b852-4a503c77478a

cve.org (CVE-2023-30956)

nvd.nist.gov (CVE-2023-30956)
