Vulnerability Description
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palantir | Foundry Code-Workbooks | >= 4.144.0, < 4.461.0 |
Related Weaknesses (CWE)
References
- https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.mdThird Party Advisory
- https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.mdThird Party Advisory
FAQ
What is CVE-2022-27896?
CVE-2022-27896 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These...
How severe is CVE-2022-27896?
CVE-2022-27896 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27896?
Check the references section above for vendor advisories and patch information. Affected products include: Palantir Foundry Code-Workbooks.