CVE-2023-22834 – The contour service was not checking that users had permission to create an analysis for a given dataset

https://notcve.org/view.php?id=CVE-2023-22834

26 Jun 2023 — The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. Contour Service no comprobaba que los usuarios tuvieran permiso para crear un análisis para un conjunto de datos determinado. Esto podría permitir a un atacante saturar las carpetas de Compass con análisis extraños que, de otro modo, no tendría permiso par... • https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8 • CWE-425: Direct Request ('Forced Browsing') CWE-862: Missing Authorization •