CVE-2023-30952: Foundry Issues reporterPath phishing by parameter injection
First published: Thu Aug 03 2023(Updated: )
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
Credit: cve-coordination@palantir.com cve-coordination@palantir.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palantir Foundry | <6.228.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-30952?
The severity of CVE-2023-30952 is medium with a severity value of 4.3.
How was the security defect in Foundry Issues exploited?
The security defect in Foundry Issues allowed users to create convincing phishing links by editing the request sent when creating an Issue.
Has the security defect in Foundry Issues been resolved?
Yes, the security defect in Foundry Issues has been resolved in Frontend release 6.228.0.
How can I check if my software version is affected by CVE-2023-30952?
You can check if your software version is affected by CVE-2023-30952 by verifying if it is equal to or earlier than version 6.228.0 of Palantir Foundry.
Where can I find more information about CVE-2023-30952?
You can find more information about CVE-2023-30952 at the following reference: [https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4](https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4)
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/type
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/palantir
- canonical/palantir foundry