Vulnerability Details : CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Products affected by CVE-2023-30956
- cpe:2.3:a:palantir:foundry_comments:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30956
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30956
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
Palantir Technologies | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
NIST |
References for CVE-2023-30956
-
https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a
Palantir Trust and Security Portal | SafeBaseVendor Advisory
Jump to