CVE-2023-30955

Summary

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.workspace:workspace* < 7.7.0affected

Weaknesses

  • CWE-602: The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References