CVE-2023-22833
📋 TL;DR
This vulnerability allows authenticated users within a Palantir Foundry organization to bypass access controls, potentially accessing data they shouldn't have permission to view. It affects Lime2 deployments between versions 2.519.0 and 2.532.0. The issue requires authenticated access but could lead to unauthorized data exposure.
💻 Affected Systems
- Palantir Foundry Lime2
📦 What is this software?
Foundry by Palantir
⚠️ Risk & Real-World Impact
Worst Case
Authenticated malicious insiders could access sensitive data they're not authorized to view, potentially exposing confidential business information, intellectual property, or regulated data.
Likely Case
Accidental or intentional unauthorized access to data by authenticated users who discover the bypass, leading to data privacy violations and compliance issues.
If Mitigated
With proper monitoring and least privilege access controls, impact would be limited to potential policy violations rather than widespread data exposure.
🎯 Exploit Status
Requires authenticated access and knowledge of the specific bypass conditions. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.532.1 or later
Vendor Advisory: https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae
Restart Required: Yes
Instructions:
1. Upgrade Lime2 to version 2.532.1 or later.
2. Restart the Foundry deployment.
3. Verify the upgrade completed successfully.
🔧 Temporary Workarounds
Restrict User Permissions
Implement strict least privilege access controls to limit potential damage if the bypass occurs.
Enhanced Monitoring
Increase logging and monitoring of access patterns to detect unusual data access.
🧯 If You Can't Patch
- Implement strict access controls and review all user permissions
- Enable detailed audit logging and monitor for unusual access patterns
🔍 How to Verify
Check if Vulnerable:
Check the Lime2 version in the Foundry deployment configuration. If the version is between 2.519.0 and 2.532.0 inclusive, the system is vulnerable.
Check Version:
Check the Foundry deployment configuration, or contact Palantir support for version verification.
Verify Fix Applied:
Verify Lime2 version is 2.532.1 or later and test access controls to ensure they're functioning properly.
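A version-range check for the condition described above, added here as an example and not taken from the advisory or from Palantir. It assumes Lime2 reports a plain MAJOR.MINOR.PATCH string and that the version has already been read from the deployment configuration; the sample inputs are constructed. It also shows why the comparison must be numeric rather than on raw strings.

```python
import re
from typing import Tuple

# Affected range and fix version as stated in the advisory for Lime2 (CVE-2023-22833).
AFFECTED_MIN = "2.519.0"
AFFECTED_MAX = "2.532.0"
FIXED_VERSION = "2.532.1"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into an integer tuple.

    Integer tuples compare numerically, so 2.6.0 < 2.519.0 as intended.
    Comparing the raw strings would give the opposite result ('6' > '5'),
    which is a common mistake in ad hoc version checks.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def lime2_status(version: str) -> str:
    """Classify a Lime2 version against the advisory's affected range.

    Returns 'vulnerable' for 2.519.0 through 2.532.0 inclusive, 'fixed' for
    2.532.1 or later, and 'outside-range' for anything older than 2.519.0
    (the advisory does not list those versions as affected).
    """
    v = parse_version(version)
    if parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX):
        return "vulnerable"
    if v >= parse_version(FIXED_VERSION):
        return "fixed"
    return "outside-range"


if __name__ == "__main__":
    # Constructed sample inputs; a real check reads the version from the deployment configuration.
    for sample in ["2.519.0", "2.525.3", "2.532.0", "2.532.1", "2.540.0", "2.6.0"]:
        print(sample, "->", lime2_status(sample))
```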
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to restricted data
- Multiple failed access attempts followed by successful access
- Access from users to resources outside their normal patterns
Network Indicators:
- Increased data transfer volumes from users accessing newly available resources
SIEM Query:
Search for: user accessing resources outside their normal role patterns OR multiple access control violations from same user