Vulnerabilities > Palantir
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-29 | CVE-2023-30970 | Path Traversal vulnerability in Palantir products. Gotham Table service and Forward App were found to be vulnerable to a path traversal issue allowing an authenticated user to read arbitrary files on the file system. | 6.5 |
2023-11-15 | CVE-2023-30954 | Race Condition vulnerability in Palantir Video-Application-Server. The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized. | 3.7 |
2023-10-26 | CVE-2023-30967 | Path Traversal vulnerability in Palantir Orbital Simulator. Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | 7.5 |
2023-10-26 | CVE-2023-30969 | Missing Authorization vulnerability in Palantir Tiles. The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. | 6.5 |
2023-09-27 | CVE-2023-30959 | Cross-site Scripting vulnerability in Palantir Apollo Autopilot. In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction. | 5.4 |
2023-09-27 | CVE-2023-30961 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Palantir Gotham-Fe-Bundle and Titanium-Browser-App-Bundle. Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | 6.1 |
2023-09-12 | CVE-2023-30962 | Cross-site Scripting vulnerability in Palantir Gotham Cerberus. The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. | 5.4 |
2023-08-03 | CVE-2023-30950 | Missing Authorization vulnerability in Palantir Foundry Campaigns. The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. | 5.9 |
2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle. The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | 6.5 |
2023-08-03 | CVE-2023-30952 | Unspecified vulnerability in Palantir Foundry. A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. | 4.3 |