CVE-2022-27896

{"id": "CVE-2022-27896", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@palantir.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}]}, "published": "2022-11-14T21:15:10.930", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md", "tags": ["Third Party Advisory"], "source": "cve-coordination@palantir.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "cve-coordination@palantir.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n a trav\u00e9s de archivos de registro descubierta en Foundry Code-Workbooks donde el endpoint que respalda esa consola generaba registros de servicio de cualquier c\u00f3digo Python que se estuviera ejecutando. Estos registros de servicio inclu\u00edan el token de Foundry que representa la consola Python de Code-Workbooks. Actualice a Code-Workbooks versi\u00f3n 4.461.0. Este problema afecta a Palantir Foundry Code-Workbooks desde la versi\u00f3n 4.144 hasta la versi\u00f3n 4.460.0 y se resuelve en 4.461.0."}], "lastModified": "2022-11-17T22:09:21.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:palantir:foundry_code-workbooks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8691A12-6C33-4A35-AB0C-2AAE3CA6B321", "versionEndExcluding": "4.461.0", "versionStartIncluding": "4.144.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@palantir.com"}