CVE-2022-27893 - OpenCVE

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Osisoft-pi-web-connector Project	Osisoft-pi-web-connector

Configuration 1 [-]

cpe:2.3:a:osisoft-pi-web-connector_project:osisoft-pi-web-connector:*:*:*:*:*:foundry_magritte:*:*

No data.

References

Link	Providers
https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2022-11-04T16:05:08.352156Z

Updated: 2024-09-16T17:15:10.119Z

Reserved: 2022-03-25T00:00:00

Link: CVE-2022-27893

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-04T16:15:14.427

Modified: 2022-11-14T15:23:56.983

Link: CVE-2022-27893

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27893", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "assignerShortName": "Palantir", "datePublished": "2022-11-04T16:05:08.352156Z", "dateUpdated": "2024-09-16T17:15:10.119Z", "dateReserved": "2022-03-25T00:00:00"}, "containers": {"cna": {"title": "The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.", "datePublic": "2022-11-04T00:00:00", "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-04T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0."}], "affected": [{"vendor": "Palantir", "product": "Foundry Magritte plugin osisoft-pi-web-connector", "versions": [{"version": "unspecified", "lessThan": "0.43.0", "status": "affected", "versionType": "custom"}, {"version": "next of 0.15.0", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}]}], "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-532 Information Exposure Through Log Files", "cweId": "CWE-532"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PLTRSEC-2022-03"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.982Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osisoft-pi-web-connector_project:osisoft-pi-web-connector:*:*:*:*:*:foundry_magritte:*:*", "matchCriteriaId": "BBD80887-7EAA-459F-B352-BF302B6A3ACD", "versionEndExcluding": "0.44.0", "versionStartIncluding": "0.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0."}, {"lang": "es", "value": "Se descubri\u00f3 que el complemento Foundry Magritte osissoft-pi-web-connector versiones 0.15.0 - 0.43.0 registraba de una manera que capturaba las solicitudes de autenticaci\u00f3n. Esta vulnerabilidad se resuelve en osisoft-pi-web-connector versi\u00f3n 0.44.0."}], "id": "CVE-2022-27893", "lastModified": "2022-11-14T15:23:56.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2022-11-04T16:15:14.427", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}