Vulnerabilities > CVE-2023-22834 - Missing Authorization vulnerability in Palantir Contour

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

palantir

CWE-862

NVD

Published: 2023-06-27

Updated: 2023-11-07

Summary

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.

Vulnerable Configurations

Part	Description	Count
Application	Palantir Palantir Contour -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8