Lucene search

PalantirCVELIST:CVE-2023-30949

HistoryJul 26, 2023 - 5:35 p.m.

CVE-2023-30949 CVE-2023-30949

2023-07-2617:35:04

CWE-1173

Palantir

www.cve.org

slate sandbox

origin validation

vulnerability

content modification

phishing

cve-2023-30949

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page’s content, which could lead to phishing attacks.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.slate:slate",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "6.207.0",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

Related for CVELIST:CVE-2023-30949