VYPR
Vendor: Foundry

Products: 5
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)

  • CVE-2023-30948 | Med | Jun 6, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a previously discovered attachment UUID into other arbitrary comments to…

  • CVE-2023-30951 | Med | Aug 3, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack.

  • CVE-2023-30963 | Med | Jul 10, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry…

  • CVE-2023-30958 | Med | Aug 3, 2023
    risk 0.31 | cvss 4.7 | epss 0.00

    A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.

  • CVE-2023-30960 | Med | Jul 10, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry…

  • CVE-2023-30955 | Med | Jun 29, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a…