
CVE-2022-27896: CWE-532 Information Exposure Through Log Files in Palantir Foundry Code-Workbooks

Severity: Medium
Tags: Vulnerability, CVE-2022-27896, cve, cve-2022-27896, cwe-532
Published: Mon Nov 14 2022 (11/14/2022, 20:55:11 UTC)
Source: CVE
Vendor/Project: Palantir
Product: Foundry Code-Workbooks

Description

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.

AI-Powered Analysis

Last updated: 06/25/2025, 07:17:11 UTC

Technical Analysis

CVE-2022-27896 is an information exposure vulnerability classified under CWE-532, affecting Palantir Foundry Code-Workbooks versions 4.144 through 4.460.0. The vulnerability arises because the endpoint supporting the Code-Workbooks Python console generates service log records that include any Python code executed within the console. Critically, these logs contain the Foundry token associated with the Python console session. This token is a sensitive credential that can grant access to the Code-Workbooks environment, potentially allowing unauthorized users to impersonate legitimate sessions or escalate privileges. The vulnerability does not directly impact the integrity or availability of the system but poses a significant confidentiality risk due to the exposure of authentication tokens. Exploitation requires local access (AV:L) with high privileges (PR:H) and user interaction (UI:R), which reduces the ease of exploitation but does not eliminate risk, especially in environments where multiple users share access or where logs might be accessible by less privileged users or attackers who have gained partial access. The issue was resolved in version 4.461.0 of Code-Workbooks, and users are advised to upgrade to this or later versions to mitigate the risk. No known exploits have been reported in the wild to date, but the presence of sensitive tokens in logs is a notable security concern that could be leveraged in targeted attacks or insider threat scenarios.

Potential Impact

For European organizations using Palantir Foundry Code-Workbooks, this vulnerability primarily threatens the confidentiality of sensitive data and credentials. Exposure of Foundry tokens could allow attackers or unauthorized insiders to access or manipulate data within the Code-Workbooks environment, potentially leading to unauthorized data access or lateral movement within the organization's infrastructure. Given that Palantir Foundry is often used in data analytics and decision-making processes across sectors such as finance, government, and critical infrastructure, the compromise of tokens could have cascading effects on data privacy compliance (e.g., GDPR) and operational security. Although the vulnerability does not directly affect system integrity or availability, the potential for unauthorized access to sensitive analytics environments could undermine trust and lead to regulatory penalties or reputational damage. The requirement for high privileges and user interaction limits the attack surface but does not eliminate risk, especially in complex enterprise environments where logs might be aggregated or accessible by multiple teams or systems.

Mitigation Recommendations

1. Immediate upgrade to Palantir Foundry Code-Workbooks version 4.461.0 or later to eliminate the vulnerability.
2. Review and restrict access permissions to service log files to ensure only authorized personnel and systems can read them, minimizing the risk of token exposure.
3. Implement log management best practices such as log redaction or filtering to prevent sensitive tokens from being recorded in logs.
4. Conduct audits of existing logs to identify and securely purge any logs containing exposed tokens.
5. Enforce strict session management and token expiration policies within Foundry to limit the window of opportunity for token misuse.
6. Monitor for unusual access patterns or token usage that could indicate exploitation attempts.
7. Educate administrators and users about the risks of token exposure and the importance of secure handling of logs and credentials.
8. Consider network segmentation and access controls to limit the exposure of the logging infrastructure and the Code-Workbooks environment.
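The log redaction and log audit recommendations above can be sketched as follows. This is an added example, not Palantir's code: it assumes tokens are JWT-shaped or follow a `Bearer ` prefix (the page does not give the Foundry token format), and the log lines and token are constructed.

```python
import hashlib
import logging
import re

# Assumption: tokens are JWT-shaped or follow "Bearer "; the page does not give
# the Foundry token format, so adapt this pattern to your deployment.
TOKEN_RE = re.compile(
    r"(?<=Bearer )[A-Za-z0-9._~+/-]{20,}=*"
    r"|eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")

def fingerprint(token):
    """SHA-256 prefix: correlate a leaked token for revocation without storing it."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def redact(text):
    return TOKEN_RE.sub(lambda m: f"[REDACTED:{fingerprint(m.group())}]", text)

class TokenRedactingFilter(logging.Filter):
    """Log redaction: scrub tokens before the handler formats the record."""
    def filter(self, record):
        record.msg = redact(record.getMessage())  # merge args, then scrub
        record.args = None
        return True

class ListHandler(logging.Handler):
    def __init__(self):
        super().__init__()
        self.out = []  # formatted lines kept in memory for inspection
    def emit(self, record):
        self.out.append(self.format(record))

def audit(lines):
    """Log audit: (line_number, fingerprint) for each token in existing logs."""
    return [(n, fingerprint(m.group()))
            for n, line in enumerate(lines, 1) for m in TOKEN_RE.finditer(line)]

# Constructed sample data: not real Foundry output and not a real token.
FAKE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJleGFtcGxlIn0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"
SAMPLE = ["INFO console.execute user=alice code='df.count()'",
          f"INFO console.execute user=bob code='print(1)' auth='Bearer {FAKE_JWT}'",
          f"DEBUG request headers token={FAKE_JWT}"]

def demo():
    handler = ListHandler()
    handler.addFilter(TokenRedactingFilter())  # on the handler: covers propagated records
    logger = logging.getLogger("redaction-demo")
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.INFO)
    logger.info("console exec code=%s auth=Bearer %s", "print(1)", FAKE_JWT)
    return handler.out
```

The filter scrubs only the log message; traceback text produced from `exc_info` is formatted later and needs the same treatment in the formatter. Any token that `audit` finds should be revoked, since purging the log line does not invalidate it.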


Technical Details

Data Version: 5.1
Assigner Short Name: Palantir
Date Reserved: 2022-03-25T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbedf6a

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 7:17:11 AM

Last updated: 10/16/2025, 3:18:19 PM
