Vulnerabilities > Palantir > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-30960 | Exposure of Resource to Wrong Sphere vulnerability in Palantir Foundry Job-Tracker A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. | 4.3 |
| 2023-07-10 | CVE-2023-30963 | Cross-site Scripting vulnerability in Palantir Foundry Frontend 6.228.0 A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. | 5.4 |
| 2023-06-29 | CVE-2023-30946 | Unspecified vulnerability in Palantir Foundry Issues A security defect was identified in Foundry Issues. | 4.3 |
| 2023-06-29 | CVE-2023-30955 | Incorrect Authorization vulnerability in Palantir Foundry Workspace-Server A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. | 5.4 |
| 2023-06-27 | CVE-2023-22834 | Missing Authorization vulnerability in Palantir Contour The Contour Service was not checking that users had permission to create an analysis for a given dataset. | 4.3 |
| 2023-06-06 | CVE-2023-22833 | Incorrect Authorization vulnerability in Palantir Foundry Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | 6.5 |
| 2023-06-06 | CVE-2023-30948 | Missing Authorization vulnerability in Palantir Foundry Comments A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. | 6.5 |
| 2023-02-16 | CVE-2022-27891 | Missing Authentication for Critical Function vulnerability in Palantir Gotham Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. | 5.3 |
| 2023-02-16 | CVE-2022-48306 | Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. | 6.8 |
| 2022-11-04 | CVE-2022-27894 | Cross-site Scripting vulnerability in Palantir Foundry Blobster The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. | 5.4 |