Search criteria
2 vulnerabilities found for foundry_multipass by palantir
CVE-2022-27889 (GCVE-0-2022-27889)
Vulnerability from nvd – Published: 2022-06-14 13:45 – Updated: 2024-09-16 20:12
VLAI
Title
The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.
Summary
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
Severity
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/palantir/security-bulletins/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | Foundry Multipass |
Affected:
unspecified , < 3.647.0
(custom)
|
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foundry Multipass",
"vendor": "Palantir",
"versions": [
{
"lessThan": "3.647.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified internally at Palantir. Initial activity was observed as a result of good-faith security research conducted by bug bounty participants."
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T13:45:14.000Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
],
"source": {
"advisory": "PLTRSEC-2022-02",
"discovery": "USER"
},
"title": "The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@palantir.com",
"DATE_PUBLIC": "2022-06-09T13:26:00.000Z",
"ID": "CVE-2022-27889",
"STATE": "PUBLIC",
"TITLE": "The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foundry Multipass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.647.0"
}
]
}
}
]
},
"vendor_name": "Palantir"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was identified internally at Palantir. Initial activity was observed as a result of good-faith security research conducted by bug bounty participants."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md",
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
]
},
"source": {
"advisory": "PLTRSEC-2022-02",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2022-27889",
"datePublished": "2022-06-14T13:45:14.836Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:12:11.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27889 (GCVE-0-2022-27889)
Vulnerability from cvelistv5 – Published: 2022-06-14 13:45 – Updated: 2024-09-16 20:12
VLAI
Title
The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.
Summary
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
Severity
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/palantir/security-bulletins/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | Foundry Multipass |
Affected:
unspecified , < 3.647.0
(custom)
|
Date Public
2022-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foundry Multipass",
"vendor": "Palantir",
"versions": [
{
"lessThan": "3.647.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified internally at Palantir. Initial activity was observed as a result of good-faith security research conducted by bug bounty participants."
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T13:45:14.000Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
],
"source": {
"advisory": "PLTRSEC-2022-02",
"discovery": "USER"
},
"title": "The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@palantir.com",
"DATE_PUBLIC": "2022-06-09T13:26:00.000Z",
"ID": "CVE-2022-27889",
"STATE": "PUBLIC",
"TITLE": "The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foundry Multipass",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.647.0"
}
]
}
}
]
},
"vendor_name": "Palantir"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was identified internally at Palantir. Initial activity was observed as a result of good-faith security research conducted by bug bounty participants."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md",
"refsource": "MISC",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md"
}
]
},
"source": {
"advisory": "PLTRSEC-2022-02",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2022-27889",
"datePublished": "2022-06-14T13:45:14.836Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:12:11.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}