PT-2022-18675 · Palantir · Palantir Foundry Code-Workbooks
Published: 2022-11-14 · Updated: 2022-11-18 · CVE-2022-27896
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Palantir Foundry Code-Workbooks versions 4.144 through 4.460.0
Description
The issue is an Information Exposure Through Log Files weakness in Foundry Code-Workbooks. The endpoint backing the console generates service log records of any Python code being run, and these records include the Foundry token representing the Code-Workbooks Python console.
Recommendations
For versions 4.144 through 4.460.0, upgrade to Code-Workbooks version 4.461.0 to resolve the issue. As a temporary workaround, consider restricting access to the service logs to minimize the risk of exploitation.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Palantir Foundry Code-Workbooks