CVE-2023-30946

LOW

palantir/foundry_issues < 2.497.0 - Unauthenticated Metadata Exposure via Notification API

Description

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Scores

CVSS v3: 3.5
EPSS: 0.0034
EPSS Percentile: 25.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-288, CWE-420
Status: published
Products (1): palantir/foundry_issues < 2.497.0
Published: Jun 29, 2023
Tracked Since: Feb 18, 2026