Vulnerabilities > Palantir > Gotham

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-27891 Missing Authentication for Critical Function vulnerability in Palantir Gotham
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session.
network
low complexity
palantir CWE-306
5.3
2023-02-16 CVE-2022-27892 Improper Input Validation vulnerability in Palantir Gotham
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
network
low complexity
palantir CWE-20
7.5
2023-02-16 CVE-2022-27897 Improper Input Validation vulnerability in Palantir Gotham
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory.
network
low complexity
palantir CWE-20
7.5