CVE-2022-27895: A component in Foundry logging was found to be capturing sensitive information in logs.
First published: Tue Nov 15 2022(Updated: )
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.
Credit: cve-coordination@palantir.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palantir Foundry | <1.785.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-27895?
CVE-2022-27895 is an Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2.
What is the severity of CVE-2022-27895?
The severity of CVE-2022-27895 is high with a CVSS score of 7.5.
How do I fix CVE-2022-27895?
To fix CVE-2022-27895, upgrade to Build2 version 1.785.0 or greater.
What software is affected by CVE-2022-27895?
Palantir Foundry Build2 versions earlier than 1.785.0 are affected by CVE-2022-27895.
Where can I find more information about CVE-2022-27895?
You can find more information about CVE-2022-27895 in the security bulletin available at the following link: [link](https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md)
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/palantir
- canonical/palantir foundry