CVE-2023-30952 – Foundry Issues reporterPath phishing by parameter injection
https://notcve.org/view.php?id=CVE-2023-30952
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. • https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4 • CWE-20: Improper Input Validation
CVE-2023-30950 – CVE-2023-30950
https://notcve.org/view.php?id=CVE-2023-30950
The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. • https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a • CWE-290: Authentication Bypass by Spoofing • CWE-862: Missing Authorization
CVE-2023-30956 – IDOR in Foundry Comments allows retrieval of attachments
https://notcve.org/view.php?id=CVE-2023-30956
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. • https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-30960 – Insecure Direct Object Reference (IDOR) in Foundry job-tracker
https://notcve.org/view.php?id=CVE-2023-30960
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. • https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-30963 – Stored XSS in Foundry Slate Query Dropdown menu
https://notcve.org/view.php?id=CVE-2023-30963
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required. • https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-82: Improper Neutralization of Script in Attributes of IMG Tags in a Web Page