Vulnerabilities > Palantir

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-27894 Cross-site Scripting vulnerability in Palantir Foundry Blobster
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users.
network
low complexity
palantir CWE-79
5.4
2022-06-14 CVE-2022-27889 Improper Control of Dynamically-Managed Code Resources vulnerability in Palantir Foundry Multipass
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations.
network
low complexity
palantir CWE-913
critical
9.1
2022-04-26 CVE-2022-27888 Information Exposure Through Log Files vulnerability in Palantir Foundry Issues
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens).
local
low complexity
palantir CWE-532
5.5