Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for com.palantir.lime:lime2 by Palantir

    CVE-2023-22833 (GCVE-0-2023-22833)

    Vulnerability from nvd – Published: 2023-06-06 18:55 – Updated: 2025-01-07 16:24
    VLAI
    Title
    Mandatory control bypass in Lime2
    Summary
    Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-304 - The product implements an authentication technique, but it skips a step that weakens the technique.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.lime:lime2 Affected: 2.519.0 , < 2.532.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T16:23:48.399139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T16:24:09.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.lime:lime2",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "2.532.0",
                  "status": "affected",
                  "version": "2.519.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-304",
                  "description": "The product implements an authentication technique, but it skips a step that weakens the technique.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-08T16:49:59.385Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2023-17"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Mandatory control bypass in Lime2"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-22833",
        "datePublished": "2023-06-06T18:55:06.549Z",
        "dateReserved": "2023-01-06T21:43:46.848Z",
        "dateUpdated": "2025-01-07T16:24:09.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22833 (GCVE-0-2023-22833)

    Vulnerability from cvelistv5 – Published: 2023-06-06 18:55 – Updated: 2025-01-07 16:24
    VLAI
    Title
    Mandatory control bypass in Lime2
    Summary
    Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-304 - The product implements an authentication technique, but it skips a step that weakens the technique.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.lime:lime2 Affected: 2.519.0 , < 2.532.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:20:31.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T16:23:48.399139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T16:24:09.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.lime:lime2",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "2.532.0",
                  "status": "affected",
                  "version": "2.519.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-304",
                  "description": "The product implements an authentication technique, but it skips a step that weakens the technique.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-08T16:49:59.385Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2023-17"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Mandatory control bypass in Lime2"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-22833",
        "datePublished": "2023-06-06T18:55:06.549Z",
        "dateReserved": "2023-01-06T21:43:46.848Z",
        "dateUpdated": "2025-01-07T16:24:09.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }