CVE Vulnerabilities

CVE-2022-27896

Insertion of Sensitive Information into Log File

Published: Nov 14, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Foundry_code-workbooks Palantir 4.144.0 (including) 4.461.0 (excluding)

Potential Mitigations

References