CVE-2023-30967

Summary

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.meta:orbital-simulator* < 0.692.0affected

Weaknesses

  • CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  • CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References