CVE-2023-30956 — MEDIUM (5.3)

Q: How severe is CVE-2023-30956?

CVE-2023-30956 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-30956?

Check the references section above for vendor advisories and patch information. Affected products include: Palantir Foundry Comments.

Vulnerability Description

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Palantir	Foundry Comments	< 2.267.0

Related Weaknesses (CWE)

CWE-639

References

https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478aVendor Advisory
https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478aVendor Advisory

FAQ

What is CVE-2023-30956?

CVE-2023-30956 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment....

How severe is CVE-2023-30956?

CVE-2023-30956 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-30956?

Check the references section above for vendor advisories and patch information. Affected products include: Palantir Foundry Comments.