Lucene search

PalantirCVELIST:CVE-2023-30954

HistoryNov 15, 2023 - 7:43 p.m.

CVE-2023-30954 Gotham Video Broken Authentication

2023-11-1519:43:36

CWE-285

Palantir

www.cve.org

gotham video

broken authentication

cve-2023-30954

race condition

acls

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "com.palantir.video:video-application-server",
    "versions": [
      {
        "version": "*",
        "versionType": "semver",
        "lessThan": "2.206.1",
        "status": "affected"
      }
    ]
  }
]

References

palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-30954