{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-27895","assignerOrgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","assignerShortName":"Palantir","datePublished":"2022-11-15T19:45:12.275Z","dateUpdated":"2025-04-29T20:08:00.710Z","dateReserved":"2022-03-25T00:00:00.000Z"},"containers":{"cna":{"title":"A component in Foundry logging was found to be capturing sensitive information in logs.","datePublic":"2022-11-14T00:00:00.000Z","providerMetadata":{"orgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","shortName":"Palantir","dateUpdated":"2022-11-15T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}],"affected":[{"vendor":"Palantir","product":"Foundry Build2","versions":[{"version":"unspecified","lessThan":"1.785.0","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-532 Information Exposure Through Log Files","cweId":"CWE-532"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"defect":["PLTRSEC-2022-06"],"discovery":"INTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T05:41:10.879Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-29T20:07:43.465718Z","id":"CVE-2022-27895","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-29T20:08:00.710Z"}}]}}