Vulnerabilities > Palantir
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-07-26 | CVE-2023-30949 | Origin Validation Error vulnerability in Palantir Slate | A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | 5.3 |
2023-07-10 | CVE-2023-30956 | Unspecified vulnerability in Palantir Foundry Comments | A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. | 5.3 |
2023-07-10 | CVE-2023-30960 | Exposure of Resource to Wrong Sphere vulnerability in Palantir Foundry Job-Tracker | A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. | 4.3 |
2023-07-10 | CVE-2023-30963 | Cross-site Scripting vulnerability in Palantir Foundry Frontend 6.228.0 | A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. | 5.4 |
2023-07-10 | CVE-2023-22835 | Unspecified vulnerability in Palantir Foundry Frontend and Foundry Issues | A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. | 7.7 |
2023-06-29 | CVE-2023-30946 | Unspecified vulnerability in Palantir Foundry Issues | A security defect was identified in Foundry Issues. | 4.3 |
2023-06-29 | CVE-2023-30955 | Incorrect Authorization vulnerability in Palantir Foundry Workspace-Server | A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. | 5.4 |
2023-06-27 | CVE-2023-22834 | Missing Authorization vulnerability in Palantir Contour | The Contour Service was not checking that users had permission to create an analysis for a given dataset. | 4.3 |
2023-06-26 | CVE-2023-30945 | Path Traversal vulnerability in Palantir products | Multiple services such as VHS (Video History Server), VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. | 9.8 |
2023-06-06 | CVE-2023-22833 | Incorrect Authorization vulnerability in Palantir Foundry | Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | 6.5 |