A security defect in Foundry's Comments functionality meant that the retrieval of attachments to comments was not gated by additional authorization checks. This could enable an authenticated user to inject a previously discovered attachment UUID into other arbitrary comments to discover its content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
MITRE
Status: PUBLISHED
Assigner: Palantir
Published: 2023-06-06T14:12:59.240Z
Updated: 2024-08-02T14:37:15.614Z
Reserved: 2023-04-21T10:39:02.384Z
Link: CVE-2023-30948
NVD
Status: Modified
Published: 2023-06-06T15:15:09.350
Modified: 2024-11-21T08:01:08.127
Link: CVE-2023-30948