cve/2023/CVE-2023-22834.md
2024-06-18 02:51:15 +02:00

### [CVE-2023-22834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22834)
![](https://img.shields.io/static/v1?label=Product&message=com.palantir.contour%3Acontour-dispatch&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%209.642.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20web%20application%20does%20not%20adequately%20enforce%20appropriate%20authorization%20on%20all%20restricted%20URLs%2C%20scripts%2C%20or%20files.&color=brighgreen)
### Description
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses that the attacker would otherwise not have permission to create.
### POC
#### Reference
- https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8
#### Github
No PoCs found on GitHub currently.