Foundry
Products (5)
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (6)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30948 | | Med | 0.42 | 6.5 | 0.01 | | Jun 6, 2023 | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to… |
| CVE-2023-30951 | | Med | 0.41 | 6.3 | 0.00 | | Aug 3, 2023 | The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. |
| CVE-2023-30963 | | Med | 0.35 | 5.4 | 0.00 | | Jul 10, 2023 | A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry… |
| CVE-2023-30958 | | Med | 0.31 | 4.7 | 0.00 | | Aug 3, 2023 | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. |
| CVE-2023-30960 | | Med | 0.28 | 4.3 | 0.00 | | Jul 10, 2023 | A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry… |
| CVE-2023-30955 | | Med | 0.28 | 4.3 | 0.00 | | Jun 29, 2023 | A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a… |