CVE-2023-22833 HIGH

CVE-2023-22833: Mandatory control bypass in Lime2

Vendor Palantir
Product com.palantir.lime:lime2
Weakness CWE-304
Published June 6, 2023
Last update January 7, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.

Key dates

02 Disclosure timeline

June 6, 2023 CVE published
January 7, 2025 Record updated