CVE-2023-22834 – The contour service was not checking that users had permission to create an analysis for a given dataset

https://notcve.org/view.php?id=CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. Contour Service no comprobaba que los usuarios tuvieran permiso para crear un análisis para un conjunto de datos determinado. Esto podría permitir a un atacante saturar las carpetas de Compass con análisis extraños que, de otro modo, no tendría permiso para crear. • https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8 • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •