admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#6101

Browse Source 
Auto-merge PR#6101
This commit is contained in:
CVE Team 2022-06-14 09:45:21 -04:00 committed by GitHub
commit 3a1d8dc046
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 82 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
2022/27xxx/CVE-2022-27889.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@palantir.com",
"DATE_PUBLIC": "2022-06-09T13:26:00.000Z",
"ID": "CVE-2022-27889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foundry Multipass",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.647.0"
}
]
}
}
]
},
"vendor_name": "Palantir"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was identified internally at Palantir. Initial activity was observed as a result of good-faith security research conducted by bug bounty participants."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0.\n\nThis issue affects:\nPalantir Foundry Multipass\nversions prior to 3.647.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
]
},
"source": {
"advisory": "PLTRSEC-2022-02",
"discovery": "USER"
}
}
}