CVE-2022-27896
The Foundry Code-Workbooks service was found to contain an issue leading to information disclosure.
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
Vulnerabilidad de exposición de información a través de archivos de registro descubierta en Foundry Code-Workbooks donde el endpoint que respalda esa consola generaba registros de servicio de cualquier código Python que se estuviera ejecutando. Estos registros de servicio incluían el token de Foundry que representa la consola Python de Code-Workbooks. Actualice a Code-Workbooks versión 4.461.0. Este problema afecta a Palantir Foundry Code-Workbooks desde la versión 4.144 hasta la versión 4.460.0 y se resuelve en 4.461.0.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-25 CVE Reserved
- 2022-11-14 CVE Published
- 2024-06-02 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Palantir Search vendor "Palantir" | Foundry Code-workbooks Search vendor "Palantir" for product "Foundry Code-workbooks" | >= 4.144.0 < 4.461.0 Search vendor "Palantir" for product "Foundry Code-workbooks" and version " >= 4.144.0 < 4.461.0" | - |
Affected
|