cbcvebase.
CVE-2023-30945
published 2023-06-26

CVE-2023-30945: Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.73%
49.5th percentile
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.

Affected

6 ranges
VendorProductVersion rangeFixed in
palantirclips2< 0.111.20.111.2
palantircom.palantir.gotham_clips2>= * < 0.111.20.111.2
palantircom.palantir.video_video-clip-distributor>= * < 0.24.100.24.10
palantircom.palantir.video_video-history-server>= * < 2.210.32.210.3
palantirvideo_clip_distributor< 0.24.100.24.10
palantirvideo_history_service< 2.210.32.210.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.