Vulnerabilities > Palantir > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-26 | CVE-2023-30967 | Path Traversal vulnerability in Palantir Orbital Simulator. Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | 7.5 |
2023-07-10 | CVE-2023-22835 | Unspecified vulnerability in Palantir Foundry Frontend and Foundry Issues. A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. | 7.7 |
2023-02-16 | CVE-2022-27890 | Improper Certificate Validation vulnerability in Palantir Atlasdb. It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. | 7.4 |
2023-02-16 | CVE-2022-27892 | Improper Input Validation vulnerability in Palantir Gotham. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | 7.5 |
2023-02-16 | CVE-2022-27897 | Improper Input Validation vulnerability in Palantir Gotham. Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. | 7.5 |
2022-11-15 | CVE-2022-27895 | Information Exposure Through Log Files vulnerability in Palantir Foundry Build2. Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. | 7.5 |
2022-11-14 | CVE-2022-27896 | Information Exposure Through Log Files vulnerability in Palantir Foundry Code-Workbooks. Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. | 7.5 |