PT-2023-23078 · Foundry · Foundry Comments

Published: 2023-06-06 · Updated: 2023-06-14 · CVE-2023-30948

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Foundry Comments versions prior to 2.249.0

Description: A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a previously discovered attachment UUID into other arbitrary comments to discover its content.

Recommendations: For versions prior to 2.249.0, update to Foundry Comments 2.249.0 to resolve the issue. As a temporary workaround, consider restricting access to the Comments functionality until the update is applied.

Fix

Improper Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-30948

Affected Products

Foundry Comments