CVE-2022-27889
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/06/2022
Last modified:
23/06/2022
Description
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:palantir:foundry_multipass:*:*:*:*:*:*:*:* | 3.647.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page