CVE-2023-30960

Summary

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.foundry.jobtracker:job-tracker* < 4.645.0affected

Weaknesses

  • CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References