CVE-2023-30950 Vulnerability Details

  /     /     /  

CVE-2023-30950 Metadata Quick Info

CVE Published: 03/08/2023 | CVE Updated: 09/10/2024 | CVE Year: 2023
Source: Palantir | Vendor: Palantir | Product: com.palantir.campaigns:campaigns
Status : PUBLISHED

---

CVE-2023-30950 Description

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-290
CWE Name: This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Source: Palantir

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-115
CAPEC Description: An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.


Source: NVD (National Vulnerability Database).