{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-22834","assignerOrgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","state":"PUBLISHED","assignerShortName":"Palantir","dateReserved":"2023-01-06T21:43:46.848Z","datePublished":"2023-06-26T23:06:00.892Z","dateUpdated":"2024-11-07T18:29:04.974Z"},"containers":{"cna":{"providerMetadata":{"orgId":"bbcbe11d-db20-4bc2-8a6e-c79f87041fd4","shortName":"Palantir","dateUpdated":"2023-06-26T23:06:00.892Z"},"title":"The contour service was not checking that users had permission to create an analysis for a given dataset","affected":[{"vendor":"Palantir","product":"com.palantir.contour:contour-dispatch","versions":[{"version":"*","versionType":"semver","lessThan":"9.642.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-425","description":"The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.","lang":"en","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/AR:L","baseSeverity":"LOW","baseScore":2.7},"format":"CVSS"}],"references":[{"url":"https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8"}],"source":{"discovery":"INTERNAL","defect":["PLTRSEC-2023-09"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:20:30.681Z"},"title":"CVE Program Container","references":[{"url":"https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-07T18:28:55.612164Z","id":"CVE-2023-22834","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T18:29:04.974Z"}}]}}