CVE Vulnerability

CVE-2022-27896

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:palantir:foundry_code-workbooks:*:*:*:*:*:*:*:*
Information

Published : 2022-11-14 09:15

Updated : 2022-11-17 10:09

NVD link : CVE-2022-27896

Mitre link : CVE-2022-27896

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File