Vulnerabilities > Palantir > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-10 CVE-2023-30960 Exposure of Resource to Wrong Sphere vulnerability in Palantir Foundry Job-Tracker
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to.
network
low complexity
palantir CWE-668
4.3
2023-07-10 CVE-2023-30963 Cross-site Scripting vulnerability in Palantir Foundry Frontend 6.228.0
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed.
network
low complexity
palantir CWE-79
5.4
2023-06-29 CVE-2023-30946 Unspecified vulnerability in Palantir Foundry Issues
A security defect was identified in Foundry Issues.
network
low complexity
palantir
4.3
2023-06-29 CVE-2023-30955 Incorrect Authorization vulnerability in Palantir Foundry Workspace-Server
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'.
network
low complexity
palantir CWE-863
5.4
2023-06-27 CVE-2023-22834 Missing Authorization vulnerability in Palantir Contour
The Contour Service was not checking that users had permission to create an analysis for a given dataset.
network
low complexity
palantir CWE-862
4.3
2023-06-06 CVE-2023-22833 Incorrect Authorization vulnerability in Palantir Foundry
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances.
network
low complexity
palantir CWE-863
6.5
2023-06-06 CVE-2023-30948 Missing Authorization vulnerability in Palantir Foundry Comments
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks.
network
low complexity
palantir CWE-862
6.5
2023-02-16 CVE-2022-27891 Missing Authentication for Critical Function vulnerability in Palantir Gotham
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session.
network
low complexity
palantir CWE-306
5.3
2023-02-16 CVE-2022-48306 Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC
An Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham could allow a malicious attacker in a privileged network position to perform a man-in-the-middle attack.
network
high complexity
palantir CWE-295
6.8
2022-11-04 CVE-2022-27894 Cross-site Scripting vulnerability in Palantir Foundry Blobster
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users.
network
low complexity
palantir CWE-79
5.4