CVE-2022-27895 - Vulnerability Details - OpenCVE

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Palantir	Foundry Build2

Configuration 1 [-]

cpe:2.3:a:palantir:foundry_build2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md

History

Tue, 29 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 17 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
Title	A component in Foundry logging was found to be capturing sensitive information in logs.	A component in Foundry logging was found to be capturing sensitive information in logs.

MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2022-11-15T19:45:12.275Z

Updated: 2025-04-29T20:08:00.710Z

Reserved: 2022-03-25T00:00:00.000Z

Link: CVE-2022-27895

Vulnrichment

Updated: 2024-08-03T05:41:10.879Z

NVD

Status : Modified

Published: 2022-11-15T20:15:10.930

Modified: 2024-11-21T06:56:26.030

Link: CVE-2022-27895

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27895", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "assignerShortName": "Palantir", "datePublished": "2022-11-15T19:45:12.275Z", "dateUpdated": "2025-04-29T20:08:00.710Z", "dateReserved": "2022-03-25T00:00:00.000Z"}, "containers": {"cna": {"title": "A component in Foundry logging was found to be capturing sensitive information in logs.", "datePublic": "2022-11-14T00:00:00.000Z", "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}], "affected": [{"vendor": "Palantir", "product": "Foundry Build2", "versions": [{"version": "unspecified", "lessThan": "1.785.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-532 Information Exposure Through Log Files", "cweId": "CWE-532"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PLTRSEC-2022-06"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.879Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T20:07:43.465718Z", "id": "CVE-2022-27895", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T20:08:00.710Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.879Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T20:07:43.465718Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T20:07:56.381Z"}}], "cna": {"title": "A component in Foundry logging was found to be capturing sensitive information in logs.", "source": {"defect": ["PLTRSEC-2022-06"], "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Palantir", "product": "Foundry Build2", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.785.0", "versionType": "custom"}]}], "datePublic": "2022-11-14T00:00:00.000Z", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files"}]}], "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27895", "state": "PUBLISHED", "dateUpdated": "2025-04-29T20:08:00.710Z", "dateReserved": "2022-03-25T00:00:00.000Z", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "datePublished": "2022-11-15T19:45:12.275Z", "assignerShortName": "Palantir"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:palantir:foundry_build2:*:*:*:*:*:*:*:*", "matchCriteriaId": "86FDD22C-382A-4B0F-ADBD-AAA9484C76E8", "versionEndExcluding": "1.785.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n a trav\u00e9s de archivos de registro descubierta en Foundry cuando los registros se capturaron utilizando una librer\u00eda subyacente conocida como Build2. Este problema estaba presente en versiones anteriores a la 1.785.0. Actualice a Build2 versi\u00f3n 1.785.0 o superior."}], "id": "CVE-2022-27895", "lastModified": "2024-11-21T06:56:26.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-15T20:15:10.930", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}