CVE-2023-22834 - OpenCVE

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Palantir	Contour

Configuration 1 [-]

cpe:2.3:a:palantir:contour:*:*:*:*:*:*:*:*

References

Link	Resource
https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-26T23:06:00.892Z

Updated: 2023-06-26T23:06:00.892Z

Reserved: 2023-01-06T21:43:46.848Z

Link: CVE-2023-22834

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-27T00:15:09.437

Modified: 2023-11-07T04:07:27.060

Link: CVE-2023-22834

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:contour:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE4A9B13-659F-47C5-9B8B-7B6886AD285A", "versionEndExcluding": "9.642.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create."}, {"lang": "es", "value": "Contour Service no comprobaba que los usuarios tuvieran permiso para crear un an\u00e1lisis para un conjunto de datos determinado. Esto podr\u00eda permitir a un atacante saturar las carpetas de Compass con an\u00e1lisis extra\u00f1os que, de otro modo, no tendr\u00eda permiso para crear. "}], "id": "CVE-2023-22834", "lastModified": "2023-11-07T04:07:27.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2023-06-27T00:15:09.437", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-425"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}