Vulnerabilities > Palantir > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-29 | CVE-2023-30970 | Path Traversal vulnerability in Palantir products: Gotham Table service and Forward App were found to be vulnerable to a path traversal issue allowing an authenticated user to read arbitrary files on the file system. | 6.5 |
2023-10-26 | CVE-2023-30969 | Missing Authorization vulnerability in Palantir Tiles: The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. | 6.5 |
2023-09-27 | CVE-2023-30959 | Cross-site Scripting vulnerability in Palantir Apollo Autopilot: In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, results in an XSS that requires user interaction. | 5.4 |
2023-09-27 | CVE-2023-30961 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Palantir Gotham-Fe-Bundle and Titanium-Browser-App-Bundle: Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | 6.1 |
2023-09-12 | CVE-2023-30962 | Cross-site Scripting vulnerability in Palantir Gotham Cerberus: The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. | 5.4 |
2023-08-03 | CVE-2023-30950 | Missing Authorization vulnerability in Palantir Foundry Campaigns: The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. | 5.9 |
2023-08-03 | CVE-2023-30951 | XXE vulnerability in Palantir Magritte-Rest-Source-Bundle: The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. | 6.5 |
2023-08-03 | CVE-2023-30952 | Unspecified vulnerability in Palantir Foundry: A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. | 4.3 |
2023-07-26 | CVE-2023-30949 | Origin Validation Error vulnerability in Palantir Slate: A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | 5.3 |
2023-07-10 | CVE-2023-30956 | Unspecified vulnerability in Palantir Foundry Comments: A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. | 5.3 |