CVE-2022-27893 - Vulnerability Details - OpenCVE

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Osisoft-pi-web-connector Project	Osisoft-pi-web-connector

Configuration 1 [-]

cpe:2.3:a:osisoft-pi-web-connector_project:osisoft-pi-web-connector:*:*:*:*:*:foundry_magritte:*:*

No data.

References

Link	Providers
https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md

History

Fri, 02 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Palantir

Published: 2022-11-04T16:05:08.352Z

Updated: 2025-05-02T18:28:49.692Z

Reserved: 2022-03-25T00:00:00.000Z

Link: CVE-2022-27893

Vulnrichment

Updated: 2024-08-03T05:41:10.982Z

NVD

Status : Modified

Published: 2022-11-04T16:15:14.427

Modified: 2024-11-21T06:56:25.760

Link: CVE-2022-27893

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27893", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "assignerShortName": "Palantir", "datePublished": "2022-11-04T16:05:08.352Z", "dateUpdated": "2025-05-02T18:28:49.692Z", "dateReserved": "2022-03-25T00:00:00.000Z"}, "containers": {"cna": {"title": "The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.", "datePublic": "2022-11-04T00:00:00.000Z", "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-04T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0."}], "affected": [{"vendor": "Palantir", "product": "Foundry Magritte plugin osisoft-pi-web-connector", "versions": [{"version": "unspecified", "lessThan": "0.43.0", "status": "affected", "versionType": "custom"}, {"version": "next of 0.15.0", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}]}], "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-532 Information Exposure Through Log Files", "cweId": "CWE-532"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["PLTRSEC-2022-03"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.982Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T18:28:31.629595Z", "id": "CVE-2022-27893", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T18:28:49.692Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.982Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T18:28:31.629595Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T18:28:40.785Z"}}], "cna": {"title": "The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.", "source": {"defect": ["PLTRSEC-2022-03"], "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Palantir", "product": "Foundry Magritte plugin osisoft-pi-web-connector", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.43.0", "versionType": "custom"}, {"status": "affected", "version": "next of 0.15.0", "lessThan": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-11-04T00:00:00.000Z", "references": [{"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files"}]}], "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2022-11-04T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27893", "state": "PUBLISHED", "dateUpdated": "2025-05-02T18:28:49.692Z", "dateReserved": "2022-03-25T00:00:00.000Z", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "datePublished": "2022-11-04T16:05:08.352Z", "assignerShortName": "Palantir"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osisoft-pi-web-connector_project:osisoft-pi-web-connector:*:*:*:*:*:foundry_magritte:*:*", "matchCriteriaId": "BBD80887-7EAA-459F-B352-BF302B6A3ACD", "versionEndExcluding": "0.44.0", "versionStartIncluding": "0.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0."}, {"lang": "es", "value": "Se descubri\u00f3 que el complemento Foundry Magritte osissoft-pi-web-connector versiones 0.15.0 - 0.43.0 registraba de una manera que capturaba las solicitudes de autenticaci\u00f3n. Esta vulnerabilidad se resuelve en osisoft-pi-web-connector versi\u00f3n 0.44.0."}], "id": "CVE-2022-27893", "lastModified": "2024-11-21T06:56:25.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-04T16:15:14.427", "references": [{"source": "cve-coordination@palantir.com", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-03.md"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}