CVE-2022-27893

Summary

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.

Affected Software

VendorProductVersion RangeStatus
PalantirFoundry Magritte plugin osisoft-pi-web-connectorunspecified < 0.43.0affected
PalantirFoundry Magritte plugin osisoft-pi-web-connectornext of 0.15.0 < unspecifiedaffected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References