CVE-2023-30945 - OpenCVE

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Palantir	Clips2 Video Clip Distributor Video History Service

Configuration 1 [-]

OR	cpe:2.3:a:palantir:clips2::::::::
	cpe:2.3:a:palantir:video_clip_distributor::::::::
	cpe:2.3:a:palantir:video_history_service::::::::

No data.

References

Link	Providers
https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9

History

No history.

MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-26T23:00:08.676Z

Updated: 2024-08-02T14:37:15.582Z

Reserved: 2023-04-21T10:39:02.384Z

Link: CVE-2023-30945

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-26T23:15:09.193

Modified: 2023-11-07T04:14:07.357

Link: CVE-2023-30945

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30945", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-04-21T10:39:02.384Z", "datePublished": "2023-06-26T23:00:08.676Z", "dateUpdated": "2024-08-02T14:37:15.582Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-06-26T23:00:08.676Z"}, "title": "CVE-2023-30945 ", "affected": [{"vendor": "Palantir", "product": "com.palantir.gotham:clips2", "versions": [{"version": "*", "versionType": "semver", "lessThan": "0.111.2", "status": "affected"}]}, {"vendor": "Palantir", "product": "com.palantir.video:video-history-server", "versions": [{"version": "*", "versionType": "semver", "lessThan": "2.210.3", "status": "affected"}]}, {"vendor": "Palantir", "product": "com.palantir.video:video-clip-distributor", "versions": [{"version": "*", "versionType": "semver", "lessThan": "0.24.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:M", "baseSeverity": "CRITICAL", "baseScore": 9.8}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"}], "source": {"discovery": "INTERNAL", "defect": ["PLTRSEC-2023-18"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:clips2:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9EB1C8-6DDE-4EC8-99F2-1130EABA72CA", "versionEndExcluding": "0.111.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:palantir:video_clip_distributor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4883F5A-B29C-4EB9-9F55-D15499EC1A40", "versionEndExcluding": "0.24.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:palantir:video_history_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9C66728-D88D-4A48-89E3-D887A31C78DF", "versionEndExcluding": "2.210.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."}], "id": "CVE-2023-30945", "lastModified": "2023-11-07T04:14:07.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2023-06-26T23:15:09.193", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-287"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}