A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-06T14:12:59.240Z

Updated: 2024-08-02T14:37:15.614Z

Reserved: 2023-04-21T10:39:02.384Z

Link: CVE-2023-30948

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-06T15:15:09.350

Modified: 2024-11-21T08:01:08.127

Link: CVE-2023-30948

cve-icon Redhat

No data.