CVE-2023-22834

The contour service was not checking that users had permission to create an analysis for a given dataset

CVSS 2.7 LOWEPSS 0.3%CWE-425

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/AR:L

Produtos afetados

Palantir · com.palantir.contour:contour-dispatch

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8