Vulnerabilities > Palantir > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2024-01-29 | CVE-2023-30970 | Path Traversal vulnerability in Palantir products | Gotham Table service and Forward App were found to be vulnerable to a path traversal issue allowing an authenticated user to read arbitrary files on the file system. | palantir, CWE-22 | network, low complexity, 6.5 |
| 2023-10-26 | CVE-2023-30969 | Missing Authorization vulnerability in Palantir Tiles | The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. | palantir, CWE-862 | network, low complexity, 6.5 |
| 2023-09-27 | CVE-2023-30959 | Cross-site Scripting vulnerability in Palantir Apollo Autopilot | In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, results in an XSS that requires user interaction. | palantir, CWE-79 | network, low complexity, 5.4 |
| 2023-09-27 | CVE-2023-30961 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Palantir Gotham-Fe-Bundle and Titanium-Browser-App-Bundle | Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | palantir, CWE-1021 | network, low complexity, 6.1 |
| 2023-09-12 | CVE-2023-30962 | Cross-site Scripting vulnerability in Palantir Gotham Cerberus | The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. | palantir, CWE-79 | network, low complexity, 5.4 |
| 2023-08-03 | CVE-2023-30950 | Missing Authorization vulnerability in Palantir Foundry Campaigns | The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. | palantir, CWE-862 | network, high complexity, 5.9 |
| 2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle | The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | palantir, CWE-611 | network, low complexity, 6.5 |
| 2023-08-03 | CVE-2023-30952 | Unspecified vulnerability in Palantir Foundry | A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. | palantir | network, low complexity, 4.3 |
| 2023-07-26 | CVE-2023-30949 | Origin Validation Error vulnerability in Palantir Slate | A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | palantir, CWE-346 | network, low complexity, 5.3 |
| 2023-07-10 | CVE-2023-30956 | Unspecified vulnerability in Palantir Foundry Comments | A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. | palantir | network, high complexity, 5.3 |