CVE-2023-30946 : A security defect was identified in Foundry Issues. If a user was added to an is

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Published 2023-06-29 19:15:09

Updated 2023-07-07 17:04:56

Source Palantir Technologies

View at NVD, CVE.org

Products affected by CVE-2023-30946

Palantir » Foundry Issues
Versions before (<) 2.497.0
cpe:2.3:a:palantir:foundry_issues:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-30946

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-30946

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N	2.1	1.4	Palantir Technologies
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2023-30946

https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3

Palantir Trust and Security Portal | SafeBase
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-30946

Products affected by CVE-2023-30946

Exploit prediction scoring system (EPSS) score for CVE-2023-30946

CVSS scores for CVE-2023-30946

References for CVE-2023-30946