CVE-2023-30955
EUVD-2023-3529329.06.2023, 19:15
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| palantir | foundry_workspace-server | 𝑥 < 7.7.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-602 - Client-Side Enforcement of Server-Side SecurityThe product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.