CVE-2022-27894

Summary

The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0.

Affected Software

VendorProductVersion RangeStatus
PalantirFoundry Blobster Serviceunspecified < 3.227.0affected
PalantirFoundry Blobster Servicenext of 3.207.0 < unspecifiedaffected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References