CVE-2023-22836

Summary

In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.skywise:guardian* < 2.278.0affected

Weaknesses

  • CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References