cvelist/2022/27xxx/CVE-2022-27895.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve-coordination@palantir.com",
        "DATE_PUBLIC": "2022-11-14T17:00:00.000Z",
        "ID": "CVE-2022-27895",
        "STATE": "PUBLIC",
        "TITLE": "A component in Foundry logging was found to be capturing sensitive information in logs. "
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Foundry Build2",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_value": "1.785.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Palantir"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-532 Information Exposure Through Log Files"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md",
                "name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"
            }
        ]
    },
    "source": {
        "defect": [
            "PLTRSEC-2022-06"
        ],
        "discovery": "INTERNAL"
    }
}