CVE Vulnerabilities

CVE-2022-27895

Insertion of Sensitive Information into Log File

Published: Nov 15, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Foundry_build2 Palantir * 1.785.0 (excluding)

Potential Mitigations

References