Vulnerabilities > Palantir

DATE CVE VULNERABILITY TITLE RISK

2023-06-06 CVE-2023-30948 Missing Authorization vulnerability in Palantir Foundry Comments
A security defect in Foundry's Comments functionality meant that retrieval of attachments to comments was not gated by additional authorization checks.
network, low complexity, palantir, CWE-862
Risk: 6.5

2023-02-16 CVE-2022-27890 Improper Certificate Validation vulnerability in Palantir Atlasdb
It was discovered that sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.
network, high complexity, palantir, CWE-295
Risk: 7.4

2023-02-16 CVE-2022-27891 Missing Authentication for Critical Function vulnerability in Palantir Gotham
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session.
network, low complexity, palantir, CWE-306
Risk: 5.3

2023-02-16 CVE-2022-27892 Improper Input Validation vulnerability in Palantir Gotham
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
network, low complexity, palantir, CWE-20
Risk: 7.5

2023-02-16 CVE-2022-27897 Improper Input Validation vulnerability in Palantir Gotham
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory.
network, low complexity, palantir, CWE-20
Risk: 7.5

2023-02-16 CVE-2022-48306 Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC
Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack.
network, high complexity, palantir, CWE-295
Risk: 6.8

2023-02-16 CVE-2022-48307 Improper Certificate Validation vulnerability in Palantir Magritte-Ftp
It was discovered that Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.
network, high complexity, palantir, CWE-295
Risk: 3.7

2023-02-16 CVE-2022-48308 Improper Certificate Validation vulnerability in Palantir Sls-Logging
It was discovered that sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.
network, high complexity, palantir, CWE-295
Risk: 3.7

2022-11-15 CVE-2022-27895 Information Exposure Through Log Files vulnerability in Palantir Foundry Build2
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2.
network, low complexity, palantir, CWE-532
Risk: 7.5

2022-11-14 CVE-2022-27896 Information Exposure Through Log Files vulnerability in Palantir Foundry Code-Workbooks
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run.
network, low complexity, palantir, CWE-532
Risk: 7.5