CVE-2023-30948 - OpenCVE

A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Palantir	Foundry Comments

Configuration 1 [-]

cpe:2.3:a:palantir:foundry_comments:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62

History

No history.

MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-06T14:12:59.240Z

Updated: 2024-08-02T14:37:15.614Z

Reserved: 2023-04-21T10:39:02.384Z

Link: CVE-2023-30948

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-06T15:15:09.350

Modified: 2023-11-07T04:14:07.667

Link: CVE-2023-30948

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30948", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-04-21T10:39:02.384Z", "datePublished": "2023-06-06T14:12:59.240Z", "dateUpdated": "2024-08-02T14:37:15.614Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-06-06T14:12:59.240Z"}, "title": "Retrieval of Attachments to Comments lacks Authorization", "affected": [{"vendor": "Palantir", "product": "com.palantir.comments:comments", "versions": [{"version": "*", "versionType": "semver", "lessThan": "2.249.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput&new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseSeverity": "MEDIUM", "baseScore": 6.5}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"}], "source": {"discovery": "EXTERNAL", "defect": ["PLTRSEC-2023-16"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:37:15.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:foundry_comments:*:*:*:*:*:*:*:*", "matchCriteriaId": "17A99FCB-A846-4921-9370-767988FD292B", "versionEndExcluding": "2.249.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."}], "id": "CVE-2023-30948", "lastModified": "2023-11-07T04:14:07.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2023-06-06T15:15:09.350", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}