Vulnerabilities > Palantir
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-06 | CVE-2023-30948 | Missing Authorization vulnerability in Palantir Foundry Comments. A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. | 6.5 |
2023-02-16 | CVE-2022-27890 | Improper Certificate Validation vulnerability in Palantir Atlasdb. It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 7.4 |
2023-02-16 | CVE-2022-27891 | Missing Authentication for Critical Function vulnerability in Palantir Gotham. Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. | 5.3 |
2023-02-16 | CVE-2022-27892 | Improper Input Validation vulnerability in Palantir Gotham. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | 7.5 |
2023-02-16 | CVE-2022-27897 | Improper Input Validation vulnerability in Palantir Gotham. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. | 7.5 |
2023-02-16 | CVE-2022-48306 | Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC. Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham allows a malicious attacker in a privileged network position to perform a man-in-the-middle attack. | 6.8 |
2023-02-16 | CVE-2022-48307 | Improper Certificate Validation vulnerability in Palantir Magritte-Ftp. It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2023-02-16 | CVE-2022-48308 | Improper Certificate Validation vulnerability in Palantir Sls-Logging. It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 3.7 |
2022-11-15 | CVE-2022-27895 | Information Exposure Through Log Files vulnerability in Palantir Foundry Build2. Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. | 7.5 |
2022-11-14 | CVE-2022-27896 | Information Exposure Through Log Files vulnerability in Palantir Foundry Code-Workbooks. Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. | 7.5 |