A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to \'Developer Mode\'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
Metrics
CVSS Version: 3.1 |
Base Score: 4.3 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-ID: CWE-602 CWE Name: The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. Source: Palantir
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-233 CAPEC Description: An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.