Palantir

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-30970 1Palantir 2Gotham Blackbird Witchcraft Gotham Static Assets Servlet Nov 21, 2024 Jan 29, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
CVE-2023-30954 1Palantir 1Video Application Server Nov 21, 2024 Nov 15, 2023 N/A· v4 3.7 LOW· v3 N/A· v2 The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.
CVE-2023-30969 1Palantir 1Tiles Nov 21, 2024 Oct 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
CVE-2023-30967 1Palantir 1Orbital Simulator Nov 21, 2024 Oct 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
CVE-2023-30961 1Palantir 2Gotham Fe Bundle Titanium Browser App Bundle Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
CVE-2023-30959 1Palantir 1Apollo Autopilot Nov 21, 2024 Sep 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
CVE-2023-30962 1Palantir 1Gotham Cerberus Nov 21, 2024 Sep 12, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resol...Show more The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .Show less
CVE-2023-30952 1Palantir 1Foundry Nov 21, 2024 Aug 3, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
CVE-2023-30951 1Palantir 1Magritte Rest Source Bundle Nov 21, 2024 Aug 3, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
CVE-2023-30950 1Palantir 1Foundry Campaigns Nov 21, 2024 Aug 3, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
CVE-2023-30949 1Palantir 1Slate Nov 21, 2024 Jul 26, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
CVE-2023-30963 1Palantir 1Foundry Frontend Nov 21, 2024 Jul 10, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0....Show more A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required. Show less
CVE-2023-30960 1Palantir 1Foundry Job Tracker Nov 21, 2024 Jul 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. T...Show more A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. Show less
CVE-2023-30956 1Palantir 1Foundry Comments Nov 21, 2024 Jul 10, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was res...Show more A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. Show less
CVE-2023-22835 1Palantir 2Foundry Frontend Foundry Issues Nov 21, 2024 Jul 10, 2023 N/A· v4 7.7 HIGH· v3 N/A· v2 A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants....Show more A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.Show less
CVE-2023-30955 1Palantir 1Foundry Workspace Server Nov 21, 2024 Jun 29, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability...Show more A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.Show less
CVE-2023-30946 1Palantir 1Foundry Issues Nov 21, 2024 Jun 29, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive m...Show more A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.Show less
CVE-2023-22834 1Palantir 1Contour Nov 21, 2024 Jun 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would other...Show more The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.Show less
CVE-2023-30945 1Palantir 3Clips2 Video Clip DistributorVideo History Service Nov 21, 2024 Jun 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validatio...Show more Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.Show less
CVE-2023-22833 1Palantir 1Foundry Nov 21, 2024 Jun 6, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls un...Show more Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.Show less

12 Next