A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
History

Mon, 28 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-29T18:49:23.694Z

Updated: 2024-10-28T13:03:50.838Z

Reserved: 2023-04-21T10:39:02.384Z

Link: CVE-2023-30946

cve-icon Vulnrichment

Updated: 2024-08-02T14:37:15.691Z

cve-icon NVD

Status : Modified

Published: 2023-06-29T19:15:08.837

Modified: 2024-11-21T08:01:08.000

Link: CVE-2023-30946

cve-icon Redhat

No data.