CVE-2023-30954

Summary

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.video:video-application-server* < 2.206.1affected

Weaknesses

  • CWE-285: The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References