cvedb.io
CVE-2023-30948
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2023-06-06T15:15:09.350 · Last modified 2026-06-17T05:55:58.043

Summary

A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.

Affected products

palantir — foundry_comments

Does this affect you?

Add your gear to cvedb and we'll alert you only when palantir ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.