1 results (0.001 seconds)
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0
CVE-2023-22834 – The contour service was not checking that users had permission to create an analysis for a given dataset
https://notcve.org/view.php?id=CVE-2023-22834
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. Contour Service no comprobaba que los usuarios tuvieran permiso para crear un análisis para un conjunto de datos determinado. Esto podría permitir a un atacante saturar las carpetas de Compass con análisis extraños que, de otro modo, no tendría permiso para crear. • https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8 • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •