CVE-2023-30945 - OpenCVE

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Palantir	Video Clip Distributor Video History Service Clips2

Configuration 1 [-]

OR	cpe:2.3:a:palantir:clips2::::::::
	cpe:2.3:a:palantir:video_clip_distributor::::::::
	cpe:2.3:a:palantir:video_history_service::::::::

References

Link	Resource
https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Palantir

Published: 2023-06-26T23:00:08.676Z

Updated: 2023-06-26T23:00:08.676Z

Reserved: 2023-04-21T10:39:02.384Z

Link: CVE-2023-30945

JSON object: View

NVD Information

Status : Modified

Published: 2023-06-26T23:15:09.193

Modified: 2023-11-07T04:14:07.357

Link: CVE-2023-30945

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30945", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-04-21T10:39:02.384Z", "datePublished": "2023-06-26T23:00:08.676Z", "dateUpdated": "2023-06-26T23:00:08.676Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2023-06-26T23:00:08.676Z"}, "title": "CVE-2023-30945 ", "affected": [{"vendor": "Palantir", "product": "com.palantir.gotham:clips2", "versions": [{"version": "*", "versionType": "semver", "lessThan": "0.111.2", "status": "affected"}]}, {"vendor": "Palantir", "product": "com.palantir.video:video-history-server", "versions": [{"version": "*", "versionType": "semver", "lessThan": "2.210.3", "status": "affected"}]}, {"vendor": "Palantir", "product": "com.palantir.video:video-clip-distributor", "versions": [{"version": "*", "versionType": "semver", "lessThan": "0.24.10", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:M", "baseSeverity": "CRITICAL", "baseScore": 9.8}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"}], "source": {"discovery": "INTERNAL", "defect": ["PLTRSEC-2023-18"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:clips2:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9EB1C8-6DDE-4EC8-99F2-1130EABA72CA", "versionEndExcluding": "0.111.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:palantir:video_clip_distributor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4883F5A-B29C-4EB9-9F55-D15499EC1A40", "versionEndExcluding": "0.24.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:palantir:video_history_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9C66728-D88D-4A48-89E3-D887A31C78DF", "versionEndExcluding": "2.210.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."}], "id": "CVE-2023-30945", "lastModified": "2023-11-07T04:14:07.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2023-06-26T23:15:09.193", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Vendor Advisory"], "url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-287"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}