漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Retrieval of Attachments to Comments lacks Authorization
Vulnerability Description
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Palantir Foundry 安全漏洞
Vulnerability Description
Palantir Foundry是美国Palantir公司的一个业务流程管理平台。 Palantir Foundry 2.249.0之前版本存在安全漏洞,该漏洞源于评论功能中存在一个安全缺陷,攻击者利用该漏洞可以将附件 UUID 注入其他任意评论以发现其内容。
CVSS Information
N/A
Vulnerability Type
N/A