← Zuruck zu CVEs
CVE-2023-30956
MEDIUM5.3
Beschreibung
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht7/10/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
palantir:foundry_comments
Schwachen (CWE)
CWE-639
Referenzen
https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a(cve-coordination@palantir.com)
https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.