A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
                
            References
                    | Link | Resource | 
|---|---|
| https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3 | Vendor Advisory | 
| https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3 | Vendor Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2023-06-29 19:15
Updated : 2024-11-21 08:01
NVD link : CVE-2023-30946
Mitre link : CVE-2023-30946
CVE.ORG link : CVE-2023-30946
JSON object : View
Products Affected
                palantir
- foundry_issues
CWE
                
                    
                        
                        CWE-288
                        
            Authentication Bypass Using an Alternate Path or Channel
CWE-420Unprotected Alternate Channel
NVD-CWE-Other