CVE-2023-30960 MEDIUM

CVE-2023-30960: Insecure Direct Object Reference (IDOR) in Foundry job-tracker

Vendor Palantir
Product com.palantir.foundry.jobtracker:job-tracker
Weakness CWE-639 · IDOR
Published July 10, 2023
Last update October 23, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Key dates

02Disclosure timeline

July 10, 2023 CVE published
October 23, 2024 Record updated