{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22833", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-01-06T21:43:46.848Z", "datePublished": "2023-06-06T18:55:06.549Z", "dateUpdated": "2025-01-07T16:24:09.439Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-06-08T16:49:59.385Z"}, "title": "Mandatory control bypass in Lime2", "affected": [{"vendor": "Palantir", "product": "com.palantir.lime:lime2", "versions": [{"versionType": "semver", "version": "2.519.0", "lessThan": "2.532.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-304", "description": "The product implements an authentication technique, but it skips a step that weakens the technique.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "baseSeverity": "HIGH", "baseScore": 7.6}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"}], "source": {"discovery": "INTERNAL", "defect": ["PLTRSEC-2023-17"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.086Z"}, "title": "CVE Program Container", "references": [{"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-07T16:23:48.399139Z", "id": "CVE-2023-22833", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T16:24:09.439Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.086Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22833", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-07T16:23:48.399139Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T16:23:59.528Z"}}], "cna": {"title": "Mandatory control bypass in Lime2", "source": {"defect": ["PLTRSEC-2023-17"], "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for."}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"}}], "affected": [{"vendor": "Palantir", "product": "com.palantir.lime:lime2", "versions": [{"status": "affected", "version": "2.519.0", "lessThan": "2.532.0", "versionType": "semver"}]}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"}], "descriptions": [{"lang": "en", "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-304", "description": "The product implements an authentication technique, but it skips a step that weakens the technique."}]}], "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-06-08T16:49:59.385Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22833", "state": "PUBLISHED", "dateUpdated": "2025-01-07T16:24:09.439Z", "dateReserved": "2023-01-06T21:43:46.848Z", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "datePublished": "2023-06-06T18:55:06.549Z", "assignerShortName": "Palantir"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:foundry:*:*:*:*:*:*:*:*", "matchCriteriaId": "96CA3B30-2934-4C54-A981-BD662E8FBE2D", "versionEndIncluding": "2.531.0", "versionStartIncluding": "2.519.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."}], "id": "CVE-2023-22833", "lastModified": "2024-11-21T07:45:29.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-06T19:15:10.213", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-304"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}