Search criteria
4 vulnerabilities found for com.palantir.comments:comments by Palantir
CVE-2023-30956 (GCVE-0-2023-30956)
Vulnerability from cvelistv5 – Published: 2023-07-10 21:07 – Updated: 2024-10-23 17:30
VLAI?
Title
IDOR in Foundry Comments allows retrieval of attachments
Summary
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.267.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:27:44.330773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:30:12.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.267.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "The system\u0027s authorization functionality does not prevent one user from gaining access to another user\u0027s data or record by modifying the key value identifying the data.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T21:07:31.073Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"source": {
"defect": [
"PLTRSEC-2023-24"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in Foundry Comments allows retrieval of attachments"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30956",
"datePublished": "2023-07-10T21:07:31.073Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-23T17:30:12.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30948 (GCVE-0-2023-30948)
Vulnerability from cvelistv5 – Published: 2023-06-06 14:12 – Updated: 2025-01-07 18:15
VLAI?
Title
Retrieval of Attachments to Comments lacks Authorization
Summary
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Severity ?
6.5 (Medium)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.249.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T18:14:53.545428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T18:15:43.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.249.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect in Foundry\u0027s Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it\u0027s content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (\u0026). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput\u0026new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T14:12:59.240Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"source": {
"defect": [
"PLTRSEC-2023-16"
],
"discovery": "EXTERNAL"
},
"title": "Retrieval of Attachments to Comments lacks Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30948",
"datePublished": "2023-06-06T14:12:59.240Z",
"dateReserved": "2023-04-21T10:39:02.384Z",
"dateUpdated": "2025-01-07T18:15:43.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30956 (GCVE-0-2023-30956)
Vulnerability from nvd – Published: 2023-07-10 21:07 – Updated: 2024-10-23 17:30
VLAI?
Title
IDOR in Foundry Comments allows retrieval of attachments
Summary
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.267.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:27:44.330773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:30:12.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.267.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "The system\u0027s authorization functionality does not prevent one user from gaining access to another user\u0027s data or record by modifying the key value identifying the data.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T21:07:31.073Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"source": {
"defect": [
"PLTRSEC-2023-24"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in Foundry Comments allows retrieval of attachments"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30956",
"datePublished": "2023-07-10T21:07:31.073Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-23T17:30:12.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30948 (GCVE-0-2023-30948)
Vulnerability from nvd – Published: 2023-06-06 14:12 – Updated: 2025-01-07 18:15
VLAI?
Title
Retrieval of Attachments to Comments lacks Authorization
Summary
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Severity ?
6.5 (Medium)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.249.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T18:14:53.545428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T18:15:43.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.249.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect in Foundry\u0027s Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it\u0027s content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (\u0026). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput\u0026new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T14:12:59.240Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"source": {
"defect": [
"PLTRSEC-2023-16"
],
"discovery": "EXTERNAL"
},
"title": "Retrieval of Attachments to Comments lacks Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30948",
"datePublished": "2023-06-06T14:12:59.240Z",
"dateReserved": "2023-04-21T10:39:02.384Z",
"dateUpdated": "2025-01-07T18:15:43.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}