PT-2023-23085 · Unknown · Foundry Comments
Published: 2023-07-10 · Updated: 2023-07-18 · CVE-2023-30956
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Foundry Comments versions prior to 2.267.0
Description
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment.
Recommendations
If you run a version prior to 2.267.0, update to Foundry Comments 2.267.0 to resolve the issue. Until the update is applied, consider as a temporary workaround restricting access to attachments or limiting the information that can be discovered through the internal UUID of the target attachment.
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Foundry Comments