CVE-2024-49589
📋 TL;DR
Foundry Artifacts is vulnerable to a Denial of Service attack where an attacker can fill up disk space by supplying a malicious size argument. This affects all users of vulnerable Foundry Artifacts versions who allow user input for artifact size parameters.
💻 Affected Systems
- Foundry Artifacts
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to disk exhaustion, causing service disruption, data loss, and potential cascading failures across dependent systems.
Likely Case
Partial service degradation or temporary unavailability of Foundry Artifacts functionality until disk space is manually cleared.
If Mitigated
Minimal impact with proper input validation and disk usage monitoring preventing successful exploitation.
🎯 Exploit Status
Exploitation requires ability to supply size arguments to Foundry Artifacts, typically through API calls or user interfaces.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in reference; consult Palantir advisory for exact version.
Vendor Advisory: https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3
Restart Required: Yes
Instructions:
1. Review the Palantir advisory for patch details.
2. Apply the latest Foundry Artifacts update from official sources.
3. Restart the Foundry Artifacts service.
4. Verify that the fix is applied.
🔧 Temporary Workarounds
Implement Input Validation
Add server-side validation to reject unreasonably large size arguments before processing.
Configuration dependent; implement validation in artifact size parameter handling code.
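An added example (not code from the advisory or from Palantir) of the server-side check described above, in Python: the size ceiling, the free-space floor and the unit table are assumed policy values, and the check fails closed on anything that is not a plain non-negative integer.

```python
import shutil

# Constructed policy values (assumptions, not from the advisory); tune per deployment.
MAX_ARTIFACT_BYTES = 5 * 1024 ** 3  # hard per-request ceiling: 5 GiB
MIN_FREE_FRACTION = 0.20            # a request may never take the volume below 20% free
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

class InvalidSizeError(ValueError):
    """Raised when a size argument must be rejected before any disk I/O happens."""

def parse_size(raw) -> int:
    """Parse a user-supplied size ('1048576', '512 MB', 2048) into a plain int of bytes.
    Booleans, floats, negatives, exponents ('1e9') and unknown units are all rejected."""
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise InvalidSizeError(f"unsupported size type {type(raw).__name__}")
    if isinstance(raw, int):
        value = raw
    else:
        text, unit = raw.strip().upper(), "B"
        for suffix in sorted(_UNITS, key=len, reverse=True):  # match 'MB' before 'B'
            if text.endswith(suffix):
                unit, text = suffix, text[:-len(suffix)].strip()
                break
        if not text.isdecimal():  # isdecimal(), not isdigit(): rejects superscripts
            raise InvalidSizeError(f"size {raw!r} is not a non-negative integer")
        value = int(text) * _UNITS[unit]
    if value < 0:
        raise InvalidSizeError("size must not be negative")
    return value

def check_artifact_size(raw, path="/", disk=None) -> int:
    """Validate a requested size against the ceiling and the target volume; return bytes.
    `disk` is an optional (total_bytes, free_bytes) pair for tests; else shutil.disk_usage."""
    size = parse_size(raw)
    if size > MAX_ARTIFACT_BYTES:
        raise InvalidSizeError(f"{size} bytes exceeds the {MAX_ARTIFACT_BYTES}-byte ceiling")
    if disk is None:
        disk = shutil.disk_usage(path)[::2]  # (total, used, free) -> (total, free)
    total, free = disk
    if free - size < MIN_FREE_FRACTION * total:
        raise InvalidSizeError(f"{size} bytes would push the volume below the free-space floor")
    return size

def size_is_acceptable(raw, path="/", disk=None) -> bool:
    """Boolean guard for request handlers: True only if every check above passed."""
    try:
        check_artifact_size(raw, path, disk)
    except InvalidSizeError:
        return False
    return True
```

The free-space check is a point-in-time snapshot, so concurrent requests still need a per-tenant quota or a reservation step before writing.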
Disk Usage Monitoring
Set up monitoring and alerts for disk space usage to detect potential exploitation early.
# Example for Linux: df -h | grep -E '^/dev'
# Set up monitoring tools like Nagios, Zabbix, or cloud-native solutions
🧯 If You Can't Patch
- Implement strict input validation on all user-supplied size parameters to prevent large values.
- Deploy disk quota management and monitoring to limit and alert on excessive disk usage.
🔍 How to Verify
Check if Vulnerable:
Check if your Foundry Artifacts version is unpatched by comparing against Palantir's advisory. Test by attempting to supply a large size argument and monitoring disk usage.
Check Version:
Foundry Artifacts version check method depends on deployment; consult Foundry documentation or check service logs/configuration.
Verify Fix Applied:
After patching, attempt to supply a large size argument and confirm it is rejected or properly limited without causing disk exhaustion.
📡 Detection & Monitoring
Log Indicators:
- Unusually large artifact creation requests
- Rapid disk space consumption alerts
- Error logs related to disk full conditions
Network Indicators:
- Multiple large payload requests to artifact endpoints
- Abnormal traffic patterns to Foundry Artifacts APIs
SIEM Query:
Example: 'source="foundry-artifacts.log" AND (artifact_size>threshold OR disk_usage>90%)'