CVE-2023-30958
Vulnerability from cvelistv5
Published
2023-08-03 21:09
Modified
2024-10-09 20:10
Severity ?
EPSS score ?
Summary
DOM XSS in Developer mode dashboard via redirect GET parameter
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Palantir | com.palantir.foundry:foundry-frontend |
Version: * ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:24.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30958", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-09T19:26:22.213930Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-09T20:10:39.833Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "com.palantir.foundry:foundry-frontend", "vendor": "Palantir", "versions": [ { "lessThan": "6.225.0", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n" } ], "impacts": [ { "capecId": "CAPEC-588", "descriptions": [ { "lang": "en", "value": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users." } ] } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-83", "description": "The product does not neutralize or incorrectly neutralizes \"javascript:\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T21:09:10.026Z", "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir" }, "references": [ { "url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b" } ], "source": { "defect": [ "PLTRSEC-2023-27" ], "discovery": "EXTERNAL" }, "title": "DOM XSS in Developer mode dashboard via redirect GET parameter" } }, "cveMetadata": { "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "assignerShortName": "Palantir", "cveId": "CVE-2023-30958", "datePublished": "2023-08-03T21:09:10.026Z", "dateReserved": "2023-04-21T11:25:51.028Z", "dateUpdated": "2024-10-09T20:10:39.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-30958\",\"sourceIdentifier\":\"cve-coordination@palantir.com\",\"published\":\"2023-08-03T22:15:12.170\",\"lastModified\":\"2023-11-07T04:14:08.700\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\\n\\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-83\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.225.0\",\"matchCriteriaId\":\"5A394572-A4EE-403D-B924-38DBE3F42E9B\"}]}]}],\"references\":[{\"url\":\"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\",\"source\":\"cve-coordination@palantir.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.