cve/2023/CVE-2023-30960.md


2024-05-25 21:48:12 +02:00
### [CVE-2023-30960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30960)
![](https://img.shields.io/static/v1?label=Product&message=com.palantir.foundry.jobtracker%3Ajob-tracker&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%204.645.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20system's%20authorization%20functionality%20does%20not%20prevent%20one%20user%20from%20gaining%20access%20to%20another%20user's%20data%20or%20record%20by%20modifying%20the%20key%20value%20identifying%20the%20data.&color=brighgreen)
### Description
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
### POC
#### Reference
- https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b
#### GitHub
No PoCs found on GitHub currently.