CVE-2023-22834

Summary

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.contour:contour-dispatch* < 9.642.0affected

Weaknesses

  • CWE-425: The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References