CVE-2022-27895
A component in Foundry logging was found to be capturing sensitive information in logs.
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.
Vulnerabilidad de exposición de información a través de archivos de registro descubierta en Foundry cuando los registros se capturaron utilizando una librería subyacente conocida como Build2. Este problema estaba presente en versiones anteriores a la 1.785.0. Actualice a Build2 versión 1.785.0 o superior.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-25 CVE Reserved
- 2022-11-15 CVE Published
- 2024-06-06 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Palantir Search vendor "Palantir" | Foundry Build2 Search vendor "Palantir" for product "Foundry Build2" | < 1.785.0 Search vendor "Palantir" for product "Foundry Build2" and version " < 1.785.0" | - |
Affected
| ||||||