{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27895", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "assignerShortName": "Palantir", "datePublished": "2022-11-15T19:45:12.275072Z", "dateUpdated": "2024-09-17T01:06:38.475Z", "dateReserved": "2022-03-25T00:00:00"}, "containers": {"cna": {"title": "A component in Foundry logging was found to be capturing sensitive information in logs.", "datePublic": "2022-11-14T00:00:00", "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}], "affected": [{"vendor": "Palantir", "product": "Foundry Build2", "versions": [{"version": "unspecified", "lessThan": "1.785.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-532 Information Exposure Through Log Files", "cweId": "CWE-532"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PLTRSEC-2022-06"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.879Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:foundry_build2:*:*:*:*:*:*:*:*", "matchCriteriaId": "86FDD22C-382A-4B0F-ADBD-AAA9484C76E8", "versionEndExcluding": "1.785.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n a trav\u00e9s de archivos de registro descubierta en Foundry cuando los registros se capturaron utilizando una librer\u00eda subyacente conocida como Build2. Este problema estaba presente en versiones anteriores a la 1.785.0. Actualice a Build2 versi\u00f3n 1.785.0 o superior."}], "id": "CVE-2022-27895", "lastModified": "2022-11-17T23:23:12.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2022-11-15T20:15:10.930", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}

{}