Vulnerabilities > Palantir
| Path Traversal vulnerability in Palantir products
Gotham Table service and Forward App were found to be vulnerable to a path traversal issue allowing an authenticated user to read arbitrary files on the file system.
| Race Condition vulnerability in Palantir Video-Application-Server
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.
| Path Traversal vulnerability in Palantir Orbital Simulator
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
| Missing Authorization vulnerability in Palantir Tiles
The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints.
| Cross-site Scripting vulnerability in Palantir Apollo Autopilot
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Palantir Gotham-Fe-Bundle and Titanium-Browser-App-Bundle
Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
| Cross-site Scripting vulnerability in Palantir Gotham Cerberus
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users.
| Missing Authorization vulnerability in Palantir Foundry Campaigns
The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.
| XXE vulnerability in Palantir Magritte-Rest-Source-Bundle
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack.
| Unspecified vulnerability in Palantir Foundry
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue.