CVE-2023-30960
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palantir | com.palantir.foundry.jobtracker:job-tracker | * < 4.645.0 | affected |
Weaknesses
- CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.