Search criteria
41 vulnerabilities
CVE-2025-53709 (GCVE-0-2025-53709)
Vulnerability from cvelistv5 – Published: 2025-07-10 18:38 – Updated: 2025-07-10 19:00
VLAI?
Summary
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.
Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.
Authenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.
An endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.
Finally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.
The affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances.
Severity ?
5.4 (Medium)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.secupload:secure-upload |
Affected:
* , < 0.815.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T19:00:09.941437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:00:21.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.secupload:secure-upload",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.815.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.\n\nUnder specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.\nAuthenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.\nAn endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.\nFinally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.\n\nThe affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:38:31.861Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/285.html"
}
],
"source": {
"defect": [],
"discovery": "INTERNAL"
},
"title": "Access control issues impacting secure-upload service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53709",
"datePublished": "2025-07-10T18:38:31.861Z",
"dateReserved": "2025-07-08T20:11:55.448Z",
"dateUpdated": "2025-07-10T19:00:21.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49589 (GCVE-0-2024-49589)
Vulnerability from cvelistv5 – Published: 2025-02-18 17:18 – Updated: 2025-02-18 18:11
VLAI?
Summary
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
Severity ?
6.5 (Medium)
CWE
- CWE-770 - The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.artifacts:artifacts |
Affected:
* , < 0.1337.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:25:31.152997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:26:15.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.artifacts:artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.1337.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)."
}
],
"impacts": [
{
"capecId": "CAPEC-572",
"descriptions": [
{
"lang": "en",
"value": "An adversary modifies file contents by adding data to files for several reasons. Many different attacks could follow this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T18:11:28.932Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3"
}
],
"source": {
"defect": [
"PLTRSEC-2024-48"
],
"discovery": "INTERNAL"
},
"title": "Foundry artifacts denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49589",
"datePublished": "2025-02-18T17:18:41.883Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2025-02-18T18:11:28.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49581 (GCVE-0-2024-49581)
Vulnerability from cvelistv5 – Published: 2024-12-02 20:26 – Updated: 2024-12-02 20:46
VLAI?
Summary
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.gotham:external-artifacts |
Affected:
* , < 105.115.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T20:46:08.213429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:46:18.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:external-artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "105.115.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn\u0027t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. \nThe affected service have been patched and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:26:15.350Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b60db1ee-4b1a-475d-848e-c5a670a0da16"
}
],
"source": {
"defect": [
"PLTRSEC-2024-47"
],
"discovery": "INTERNAL"
},
"title": "Access control issue impacting RV backed objects"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49581",
"datePublished": "2024-12-02T20:26:15.350Z",
"dateReserved": "2024-10-16T19:09:45.688Z",
"dateUpdated": "2024-12-02T20:46:18.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49588 (GCVE-0-2024-49588)
Vulnerability from cvelistv5 – Published: 2024-11-21 19:59 – Updated: 2024-11-27 16:13
VLAI?
Summary
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Severity ?
CWE
- CWE-89 - The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar |
Affected:
* , < 0.544.0
(semver)
Affected: 0.347.0 , < * (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oracle-sidecar",
"vendor": "oracle",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:36:09.668611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:13:10.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input."
}
]
},
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:59:45.456Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c"
},
{
"url": "https://cwe.mitre.org/data/definitions/89.html"
}
],
"source": {
"defect": [
"PLTRSEC-2024-46"
],
"discovery": "INTERNAL"
},
"title": "Multiple authenticated SQL injections in oracle-sidecar"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49588",
"datePublished": "2024-11-21T19:59:45.456Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2024-11-27T16:13:10.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30968 (GCVE-0-2023-30968)
Vulnerability from cvelistv5 – Published: 2024-03-12 19:39 – Updated: 2024-08-21 15:33
VLAI?
Summary
One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
Severity ?
6.8 (Medium)
CWE
- CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.acme.gaia:gaia |
Unaffected:
100.240108.11 , < *
(semver)
Unaffected: 100.240203.6 , < * (semver) Unaffected: 100.230807.13 , < * (semver) Unaffected: 100.240205.0-12-gf415217 , < * (semver) Unaffected: 100.231108.82 , < * (semver) Unaffected: 100.231009.47 , < * (semver) Unaffected: 100.240202.9 , < * (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:33:22.486616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:33:34.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.gaia:gaia",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240108.11",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240203.6",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.230807.13",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240205.0-12-gf415217",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231108.82",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231009.47",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240202.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T19:39:24.226Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"source": {
"defect": [
"PLTRSEC-2024-36"
],
"discovery": "INTERNAL"
},
"title": "Stored XSS in gaia"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30968",
"datePublished": "2024-03-12T19:39:24.226Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-08-21T15:33:34.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22836 (GCVE-0-2023-22836)
Vulnerability from cvelistv5 – Published: 2024-01-29 18:50 – Updated: 2025-06-17 21:29
VLAI?
Summary
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Severity ?
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.skywise:guardian |
Affected:
* , < 2.278.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T17:40:00.781341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.skywise:guardian",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.278.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:50:37.543Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"source": {
"defect": [
"PLTRSEC-2023-11"
],
"discovery": "EXTERNAL"
},
"title": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22836",
"datePublished": "2024-01-29T18:50:37.543Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2025-06-17T21:29:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30970 (GCVE-0-2023-30970)
Vulnerability from cvelistv5 – Published: 2024-01-29 18:27 – Updated: 2025-05-29 15:08
VLAI?
Summary
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
Severity ?
6.5 (Medium)
CWE
- CWE-36 - The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.gotham:blackbird-witchcraft |
Affected:
* , < 104.30231002.10
(semver)
Affected: * , < 104.30231001.8 (semver) Affected: * , < 104.30230807.59 (semver) Affected: * , < 104.30230908.21 (semver) Affected: * , < 103.30230304.433 (semver) Affected: * , < 104.30230604.81 (semver) Affected: * , < 104.30231003.9 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:41.629289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:08:34.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:blackbird-witchcraft",
"vendor": "Palantir",
"versions": [
{
"lessThan": "104.30231002.10",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231001.8",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230807.59",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230908.21",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "103.30230304.433",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230604.81",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231003.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \"/abs/path\" that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:27:26.850Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"source": {
"defect": [
"PLTRSEC-2023-37"
],
"discovery": "INTERNAL"
},
"title": "Gotham table and Forward App Path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30970",
"datePublished": "2024-01-29T18:27:26.850Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-05-29T15:08:34.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30954 (GCVE-0-2023-30954)
Vulnerability from cvelistv5 – Published: 2023-11-15 19:43 – Updated: 2024-08-29 14:49
VLAI?
Summary
The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.
Severity ?
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.video:video-application-server |
Affected:
* , < 2.206.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:41:20.646899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:49:41.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.video:video-application-server",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.206.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T19:43:36.051Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"source": {
"defect": [
"PLTRSEC-2023-12"
],
"discovery": "INTERNAL"
},
"title": "Gotham Video Broken Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30954",
"datePublished": "2023-11-15T19:43:36.051Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-08-29T14:49:41.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30967 (GCVE-0-2023-30967)
Vulnerability from cvelistv5 – Published: 2023-10-25 23:18 – Updated: 2024-09-10 16:39
VLAI?
Summary
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
Severity ?
9.8 (Critical)
CWE
- CWE-22 - The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
- CWE-287 - When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.meta:orbital-simulator |
Affected:
* , < 0.692.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:38:52.522165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T16:39:11.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.meta:orbital-simulator",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.692.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. "
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:18:23.681Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"source": {
"defect": [
"PLTRSEC-2023-36"
],
"discovery": "INTERNAL"
},
"title": "Gotham Orbital Simulator path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30967",
"datePublished": "2023-10-25T23:18:23.681Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-09-10T16:39:11.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30969 (GCVE-0-2023-30969)
Vulnerability from cvelistv5 – Published: 2023-10-25 23:16 – Updated: 2024-09-10 16:40
VLAI?
Summary
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
Severity ?
8.2 (High)
CWE
- CWE-284 - The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.tiles:tiles |
Affected:
* , < 4.326.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:40:33.249053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T16:40:49.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.tiles:tiles",
"vendor": "Palantir",
"versions": [
{
"lessThan": "4.326.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:16:06.131Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
}
],
"source": {
"defect": [
"PLTRSEC-2023-35"
],
"discovery": "INTERNAL"
},
"title": "Palantir Tiles missing authentication on API endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30969",
"datePublished": "2023-10-25T23:16:06.131Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-09-10T16:40:49.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30961 (GCVE-0-2023-30961)
Vulnerability from cvelistv5 – Published: 2023-09-26 18:01 – Updated: 2024-09-24 13:45
VLAI?
Summary
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
Severity ?
6.5 (Medium)
CWE
- CWE-710 - The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palantir | com.palantir.acme:gotham-fe-bundle |
Affected:
* , < 100.30230706.22
(semver)
Affected: 100.30230702.0 , < * (semver) Affected: * , < 100.30230702.24 (semver) Affected: * , < 100.30230704.15 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:24:32.712733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:45:46.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme:gotham-fe-bundle",
"vendor": "Palantir",
"versions": [
{
"lessThan": "100.30230706.22",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "100.30230702.0",
"versionType": "semver"
},
{
"lessThan": "100.30230702.24",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "100.30230704.15",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.acme:titanium-browser-app-bundle",
"vendor": "Palantir",
"versions": [
{
"status": "affected",
"version": "100.30230706.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-710",
"description": "The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T18:01:07.257Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4"
}
],
"source": {
"defect": [
"PLTRSEC-2023-30"
],
"discovery": "INTERNAL"
},
"title": "Palantir Gotham UI bug that could lead to incorrect data classification"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30961",
"datePublished": "2023-09-26T18:01:07.257Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-09-24T13:45:46.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30959 (GCVE-0-2023-30959)
Vulnerability from cvelistv5 – Published: 2023-09-26 17:56 – Updated: 2024-09-24 13:47
VLAI?
Summary
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
Severity ?
4.1 (Medium)
CWE
- CWE-84 - The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.apollo:autopilot |
Affected:
* , < 3.308.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:24:39.959694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:47:53.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.apollo:autopilot",
"vendor": "Palantir",
"versions": [
{
"lessThan": "3.308.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users\u0027 privilege level. An attack of this type exploits a programs\u0027 vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-84",
"description": "The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T17:56:20.817Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63"
}
],
"source": {
"defect": [
"PLTRSEC-2023-33"
],
"discovery": "INTERNAL"
},
"title": "Stored XSS via javascript URI in Apollo Change Requests comment"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30959",
"datePublished": "2023-09-26T17:56:20.817Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-09-24T13:47:53.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30962 (GCVE-0-2023-30962)
Vulnerability from cvelistv5 – Published: 2023-09-12 18:29 – Updated: 2024-09-25 15:23
VLAI?
Summary
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
Severity ?
6.8 (Medium)
CWE
- CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.acme.cerberus:cerberus |
Affected:
* , < 100.230704.0-27-g031dd58
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:01:25.276014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:23:04.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.cerberus:cerberus",
"vendor": "Palantir",
"versions": [
{
"lessThan": "100.230704.0-27-g031dd58",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 ."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-12T18:29:42.065Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0"
}
],
"source": {
"defect": [
"PLTRSEC-2023-29"
],
"discovery": "INTERNAL"
},
"title": "Stored XSS in cerberus attachments"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30962",
"datePublished": "2023-09-12T18:29:42.065Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-09-25T15:23:04.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30952 (GCVE-0-2023-30952)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:12 – Updated: 2024-10-09 19:47
VLAI?
Summary
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
Severity ?
5 (Medium)
CWE
- CWE-20 - The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.foundry:foundry-frontend |
Unaffected:
6.228.0 , < *
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:26:03.798457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:47:12.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry:foundry-frontend",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "6.228.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 ."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (\u0026). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput\u0026new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product receives input or data, but it does\n not validate or incorrectly validates that the input has the\n properties that are required to process the data safely and\n correctly.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T21:12:53.803Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4"
}
],
"source": {
"defect": [
"PLTRSEC-2023-19"
],
"discovery": "EXTERNAL"
},
"title": "Foundry Issues reporterPath phishing by parameter injection"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30952",
"datePublished": "2023-08-03T21:12:53.803Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-10-09T19:47:12.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30950 (GCVE-0-2023-30950)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:10 – Updated: 2024-10-09 19:49
VLAI?
Summary
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
Severity ?
6.5 (Medium)
CWE
- CWE-290 - This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.campaigns:campaigns |
Affected:
* , < 0.623.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:26:12.602486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:49:25.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.campaigns:campaigns",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.623.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T21:10:15.711Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a"
}
],
"source": {
"defect": [
"PLTRSEC-2023-21"
],
"discovery": "INTERNAL"
},
"title": "CVE-2023-30950 "
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30950",
"datePublished": "2023-08-03T21:10:15.711Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-10-09T19:49:25.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30958 (GCVE-0-2023-30958)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:09 – Updated: 2024-10-09 20:10
VLAI?
Summary
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed.
This defect was resolved with the release of Foundry Frontend 6.225.0.
Severity ?
4.7 (Medium)
CWE
- CWE-83 - The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.foundry:foundry-frontend |
Affected:
* , < 6.225.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:26:22.213930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:10:39.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry:foundry-frontend",
"vendor": "Palantir",
"versions": [
{
"lessThan": "6.225.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry\u0027s CSP were to be bypassed.\n\nThis defect was resolved with the release of Foundry Frontend 6.225.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-83",
"description": "The product does not neutralize or incorrectly neutralizes \"javascript:\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T21:09:10.026Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=5764b094-d3c0-4380-90f2-234f36116c9b"
}
],
"source": {
"defect": [
"PLTRSEC-2023-27"
],
"discovery": "EXTERNAL"
},
"title": "DOM XSS in Developer mode dashboard via redirect GET parameter"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30958",
"datePublished": "2023-08-03T21:09:10.026Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-09T20:10:39.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30951 (GCVE-0-2023-30951)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:07 – Updated: 2024-10-09 20:11
VLAI?
Summary
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
Severity ?
6.3 (Medium)
CWE
- CWE-611 - The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.magritte:magritte-rest-source-bundle |
Affected:
* , < 7.210.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:26:52.034615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:11:00.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.magritte:magritte-rest-source-bundle",
"vendor": "Palantir",
"versions": [
{
"lessThan": "7.210.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). "
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "An adversary creates a serialized data file (e.g. XML, YAML, etc...) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may further lead to the adversary gaining access to information on the system that they would normally be unable to obtain."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T21:07:11.189Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced"
}
],
"source": {
"defect": [
"PLTRSEC-2023-20"
],
"discovery": "INTERNAL"
},
"title": "CVE-2023-30951 "
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30951",
"datePublished": "2023-08-03T21:07:11.189Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-10-09T20:11:00.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30949 (GCVE-0-2023-30949)
Vulnerability from cvelistv5 – Published: 2023-07-26 17:35 – Updated: 2024-10-15 15:55
VLAI?
Summary
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
Severity ?
4.3 (Medium)
CWE
- CWE-1173 - The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.slate:slate |
Affected:
* , < 6.207.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T15:19:58.075311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T15:55:16.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.slate:slate",
"vendor": "Palantir",
"versions": [
{
"lessThan": "6.207.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page\u0027s content, which could lead to phishing attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-98",
"descriptions": [
{
"lang": "en",
"value": "Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or \"fishing\" for information."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1173",
"description": "The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T17:35:04.827Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc"
}
],
"source": {
"defect": [
"PLTRSEC-2023-22"
],
"discovery": "EXTERNAL"
},
"title": "CVE-2023-30949"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30949",
"datePublished": "2023-07-26T17:35:04.827Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-10-15T15:55:16.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30956 (GCVE-0-2023-30956)
Vulnerability from cvelistv5 – Published: 2023-07-10 21:07 – Updated: 2024-10-23 17:30
VLAI?
Summary
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.267.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:27:44.330773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:30:12.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.267.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "The system\u0027s authorization functionality does not prevent one user from gaining access to another user\u0027s data or record by modifying the key value identifying the data.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T21:07:31.073Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a"
}
],
"source": {
"defect": [
"PLTRSEC-2023-24"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in Foundry Comments allows retrieval of attachments"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30956",
"datePublished": "2023-07-10T21:07:31.073Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-23T17:30:12.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30960 (GCVE-0-2023-30960)
Vulnerability from cvelistv5 – Published: 2023-07-10 21:05 – Updated: 2024-10-23 17:43
VLAI?
Summary
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.foundry.jobtracker:job-tracker |
Affected:
* , < 4.645.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:43:00.991393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:43:12.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry.jobtracker:job-tracker",
"vendor": "Palantir",
"versions": [
{
"lessThan": "4.645.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "An adversary manipulates the use or processing of an interface (e.g. Application Programming Interface (API) or System-on-Chip (SoC)) resulting in an adverse impact upon the security of the system implementing the interface. This can allow the adversary to bypass access control and/or execute functionality not intended by the interface implementation, possibly compromising the system which integrates the interface. Interface manipulation can take on a number of forms including forcing the unexpected use of an interface or the use of an interface in an unintended way."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "The system\u0027s authorization functionality does not prevent one user from gaining access to another user\u0027s data or record by modifying the key value identifying the data.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T21:05:23.372Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b"
}
],
"source": {
"defect": [
"PLTRSEC-2023-26"
],
"discovery": "EXTERNAL"
},
"title": "Insecure Direct Object Reference (IDOR) in Foundry job-tracker"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30960",
"datePublished": "2023-07-10T21:05:23.372Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-23T17:43:12.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30963 (GCVE-0-2023-30963)
Vulnerability from cvelistv5 – Published: 2023-07-10 21:04 – Updated: 2024-10-21 21:10
VLAI?
Summary
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Severity ?
5.4 (Medium)
CWE
- CWE-82 - The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.foundry:foundry-frontend |
Affected:
* , < 6.229.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:55.297034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:10:50.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry:foundry-frontend",
"vendor": "Palantir",
"versions": [
{
"lessThan": "6.229.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry\u0027s CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-82",
"description": "The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T21:04:08.584Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a"
}
],
"source": {
"defect": [
"PLTRSEC-2023-28"
],
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Foundry Slate Query Dropdown menu"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30963",
"datePublished": "2023-07-10T21:04:08.584Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-21T21:10:50.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22835 (GCVE-0-2023-22835)
Vulnerability from cvelistv5 – Published: 2023-07-10 20:58 – Updated: 2024-10-29 13:43
VLAI?
Summary
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants.
This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
Severity ?
7.7 (High)
CWE
- CWE-20 - The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palantir | com.palantir.foundry:foundry-frontend |
Affected:
* , < 6.228.0
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=0e2e79bd-cc03-42a8-92c2-c0e68a1ea53d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:39:25.198267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:43:59.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.foundry:foundry-frontend",
"vendor": "Palantir",
"versions": [
{
"lessThan": "6.228.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.issues:issues",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.510.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants.\n\nThis defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0."
}
],
"impacts": [
{
"capecId": "CAPEC-74",
"descriptions": [
{
"lang": "en",
"value": "\nThe adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.\n\n\nState management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.\n\n\nIf there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data.\n\n\n"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product receives input or data, but it does\n not validate or incorrectly validates that the input has the\n properties that are required to process the data safely and\n correctly.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:58:14.697Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=0e2e79bd-cc03-42a8-92c2-c0e68a1ea53d"
}
],
"source": {
"defect": [
"PLTRSEC-2023-25"
],
"discovery": "EXTERNAL"
},
"title": "Denial of Service in Foundry Issues"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22835",
"datePublished": "2023-07-10T20:58:14.697Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2024-10-29T13:43:59.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30946 (GCVE-0-2023-30946)
Vulnerability from cvelistv5 – Published: 2023-06-29 18:49 – Updated: 2024-10-28 13:03
VLAI?
Summary
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.issues:issues |
Affected:
* , < 2.497.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:03:38.674884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:03:50.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.issues:issues",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.497.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry\u0027s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "The product protects a primary channel, but it does not use the same level of protection for an alternate channel.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "A product requires authentication, but the product has an alternate path or channel that does not require authentication.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T18:49:23.694Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"
}
],
"source": {
"defect": [
"PLTRSEC-2023-15"
],
"discovery": "EXTERNAL"
},
"title": "Issues notification metadata lacks authorization"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30946",
"datePublished": "2023-06-29T18:49:23.694Z",
"dateReserved": "2023-04-21T10:39:02.384Z",
"dateUpdated": "2024-10-28T13:03:50.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30955 (GCVE-0-2023-30955)
Vulnerability from cvelistv5 – Published: 2023-06-29 18:46 – Updated: 2024-10-28 13:03
VLAI?
Summary
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
Severity ?
4.3 (Medium)
CWE
- CWE-602 - The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.workspace:workspace |
Affected:
* , < 7.7.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=0c3f6c33-4eb0-48b5-ab87-fe48c46a4170"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:03:16.498956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:03:28.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.workspace:workspace",
"vendor": "Palantir",
"versions": [
{
"lessThan": "7.7.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to \u0027Developer Mode\u0027. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T18:46:33.710Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=0c3f6c33-4eb0-48b5-ab87-fe48c46a4170"
}
],
"source": {
"defect": [
"PLTRSEC-2023-23"
],
"discovery": "EXTERNAL"
},
"title": "Foundry workspace-server Developer Mode Authorization Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30955",
"datePublished": "2023-06-29T18:46:33.710Z",
"dateReserved": "2023-04-21T11:25:51.028Z",
"dateUpdated": "2024-10-28T13:03:28.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22834 (GCVE-0-2023-22834)
Vulnerability from cvelistv5 – Published: 2023-06-26 23:06 – Updated: 2024-11-07 18:29
VLAI?
Summary
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
Severity ?
CWE
- CWE-425 - The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.contour:contour-dispatch |
Affected:
* , < 9.642.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:28:55.612164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:29:04.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.contour:contour-dispatch",
"vendor": "Palantir",
"versions": [
{
"lessThan": "9.642.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/AR:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T23:06:00.892Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=14874400-e9c9-4ac4-a8a6-9f4c48a56ff8"
}
],
"source": {
"defect": [
"PLTRSEC-2023-09"
],
"discovery": "INTERNAL"
},
"title": "The contour service was not checking that users had permission to create an analysis for a given dataset"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22834",
"datePublished": "2023-06-26T23:06:00.892Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2024-11-07T18:29:04.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30945 (GCVE-0-2023-30945)
Vulnerability from cvelistv5 – Published: 2023-06-26 23:00 – Updated: 2024-12-05 14:30
VLAI?
Summary
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
- CWE-22 - The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Palantir | com.palantir.gotham:clips2 |
Affected:
* , < 0.111.2
(semver)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:30:00.403117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:30:12.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:clips2",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.111.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.video:video-history-server",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.210.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.video:video-clip-distributor",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.24.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:M",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T23:00:08.676Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9"
}
],
"source": {
"defect": [
"PLTRSEC-2023-18"
],
"discovery": "INTERNAL"
},
"title": "CVE-2023-30945 "
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30945",
"datePublished": "2023-06-26T23:00:08.676Z",
"dateReserved": "2023-04-21T10:39:02.384Z",
"dateUpdated": "2024-12-05T14:30:12.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22833 (GCVE-0-2023-22833)
Vulnerability from cvelistv5 – Published: 2023-06-06 18:55 – Updated: 2025-01-07 16:24
VLAI?
Summary
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
Severity ?
7.6 (High)
CWE
- CWE-304 - The product implements an authentication technique, but it skips a step that weakens the technique.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.lime:lime2 |
Affected:
2.519.0 , < 2.532.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T16:23:48.399139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T16:24:09.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.lime:lime2",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.532.0",
"status": "affected",
"version": "2.519.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances."
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "The product implements an authentication technique, but it skips a step that weakens the technique.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-08T16:49:59.385Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae"
}
],
"source": {
"defect": [
"PLTRSEC-2023-17"
],
"discovery": "INTERNAL"
},
"title": "Mandatory control bypass in Lime2"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22833",
"datePublished": "2023-06-06T18:55:06.549Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2025-01-07T16:24:09.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30948 (GCVE-0-2023-30948)
Vulnerability from cvelistv5 – Published: 2023-06-06 14:12 – Updated: 2025-01-07 18:15
VLAI?
Summary
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Severity ?
6.5 (Medium)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | com.palantir.comments:comments |
Affected:
* , < 2.249.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T18:14:53.545428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T18:15:43.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.comments:comments",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.249.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security defect in Foundry\u0027s Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it\u0027s content.\n\nThis defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (\u0026). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value \"myInput\u0026new_param=myValue\", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T14:12:59.240Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=101b083b-6389-4261-98f8-23448e133a62"
}
],
"source": {
"defect": [
"PLTRSEC-2023-16"
],
"discovery": "EXTERNAL"
},
"title": "Retrieval of Attachments to Comments lacks Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30948",
"datePublished": "2023-06-06T14:12:59.240Z",
"dateReserved": "2023-04-21T10:39:02.384Z",
"dateUpdated": "2025-01-07T18:15:43.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48307 (GCVE-0-2022-48307)
Vulnerability from cvelistv5 – Published: 2023-02-16 00:00 – Updated: 2025-03-18 15:05
VLAI?
Summary
It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack.
Severity ?
6.3 (Medium)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | Foundry Magritte |
Affected:
unspecified , < 9.466.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T15:04:58.039118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:05:06.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Foundry Magritte",
"vendor": "Palantir",
"versions": [
{
"lessThan": "9.466.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md"
}
],
"source": {
"advisory": "PLTRSEC-2022-13",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2022-48307",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:05:06.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48306 (GCVE-0-2022-48306)
Vulnerability from cvelistv5 – Published: 2023-02-16 00:00 – Updated: 2025-03-18 15:08
VLAI?
Summary
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.
Severity ?
5.7 (Medium)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palantir | Palantir Gotham Chat IRC helper |
Affected:
unspecified , < 30221005.210011.9242
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T15:08:01.781977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:08:04.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Palantir Gotham Chat IRC helper",
"vendor": "Palantir",
"versions": [
{
"lessThan": "30221005.210011.9242",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00.000Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md"
}
],
"source": {
"advisory": "PLTRSEC-2023-02",
"discovery": "EXTERNAL"
},
"title": "Gotham Chat IRC help does not validate hostnames in TLS certificates",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2022-48306",
"datePublished": "2023-02-16T00:00:00.000Z",
"dateReserved": "2023-02-02T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:08:04.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}