CVE-2023-30958 (GCVE-0-2023-30958)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:09 – Updated: 2024-10-09 20:10
VLAI?
Summary
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.
This defect was resolved with the release of Foundry Frontend 6.225.0.
Severity ?
4.7 (Medium)
CWE
- CWE-83 - The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.foundry:foundry-frontend |
Affected:
* , < 6.225.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:26:22.213930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:10:39.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry:foundry-frontend",
"vendor": "Palantir",
"versions": [
{
"lessThan": "6.225.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-83",
"description": "The product does not neutralize or incorrectly neutralizes \"javascript:\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T21:09:10.026Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"
}
],
"source": {
"defect": [
"PLTRSEC-2023-27"
],
"discovery": "EXTERNAL"
},
"title": "DOM XSS in Developer mode dashboard via redirect GET parameter"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30958",
"datePublished": "2023-08-03T21:09:10.026Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-09T20:10:39.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.225.0\", \"matchCriteriaId\": \"5A394572-A4EE-403D-B924-38DBE3F42E9B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\\n\\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\\n\\n\"}]",
"id": "CVE-2023-30958",
"lastModified": "2024-11-21T08:01:09.177",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@palantir.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
"published": "2023-08-03T22:15:12.170",
"references": "[{\"url\": \"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\", \"source\": \"cve-coordination@palantir.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve-coordination@palantir.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-coordination@palantir.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-83\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-30958\",\"sourceIdentifier\":\"cve-coordination@palantir.com\",\"published\":\"2023-08-03T22:15:12.170\",\"lastModified\":\"2024-11-21T08:01:09.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\\n\\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cve-coordination@palantir.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-83\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.225.0\",\"matchCriteriaId\":\"5A394572-A4EE-403D-B924-38DBE3F42E9B\"}]}]}],\"references\":[{\"url\":\"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\",\"source\":\"cve-coordination@palantir.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:45:24.229Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-09T19:26:22.213930Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T20:10:36.032Z\"}}], \"cna\": {\"title\": \"DOM XSS in Developer mode dashboard via redirect GET parameter\", \"source\": {\"defect\": [\"PLTRSEC-2023-27\"], \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-588\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users.\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Palantir\", \"product\": \"com.palantir.foundry:foundry-frontend\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"lessThan\": \"6.225.0\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\\n\\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\\n\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-83\", \"description\": \"The product does not neutralize or incorrectly neutralizes \\\"javascript:\\\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.\"}]}], \"providerMetadata\": {\"orgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"shortName\": \"Palantir\", \"dateUpdated\": \"2023-08-03T21:09:10.026Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-30958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T20:10:39.833Z\", \"dateReserved\": \"2023-04-21T11:25:51.028Z\", \"assignerOrgId\": \"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4\", \"datePublished\": \"2023-08-03T21:09:10.026Z\", \"assignerShortName\": \"Palantir\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…