94 vulnerabilities by palantir
CVE-2025-68609 (GCVE-0-2025-68609)
Vulnerability from cvelistv5 – Published: 2026-01-22 19:06 – Updated: 2026-01-22 19:33
Title
Authentication bypass in Aries due to misconfiguration
Summary
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.aries:aries | Unaffected: 1.554.0 , < * (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T19:29:47.910483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:33:36.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.aries:aries",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.554.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Palantir\u0027s Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:06:05.914Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5"
}
],
"source": {
"defect": [
"PLTRSEC-2025-53"
],
"discovery": "INTERNAL"
},
"title": "Authentication bypass in Aries due to misconfiguration"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-68609",
"datePublished": "2026-01-22T19:06:05.914Z",
"dateReserved": "2025-12-19T12:56:08.266Z",
"dateUpdated": "2026-01-22T19:33:36.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62487 (GCVE-0-2025-62487)
Vulnerability from cvelistv5 – Published: 2026-01-09 21:17 – Updated: 2026-01-14 19:10
Title
Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
Summary
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).
On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.
On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group.
Severity
3.5 (Low)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.acme:gotham-default-apps-bundle | Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30250808.87; Unaffected: 100.30250908.1; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30250709.54; Unaffected: 100.30250907.11; Unaffected: 100.30250507.88; Unaffected: 100.30251001.1; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250906.52 |
| Palantir | com.palantir.acme:stencil-app-bundle | Unaffected: 100.30250907.11; Unaffected: 100.30250507.88; Unaffected: 100.30250908.1; Unaffected: 100.30250808.87; Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30251001.1; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250906.52; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30250709.54 |
| Palantir | com.palantir.acme:dossier-app | Unaffected: 100.30250907.11; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30251001.1; Unaffected: 100.30250808.87; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250908.1; Unaffected: 100.30250709.54; Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30250507.88; Unaffected: 100.30250906.52 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T21:36:19.288885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T21:36:29.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme:gotham-default-apps-bundle",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250709.54"
},
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250906.52"
}
]
},
{
"product": "com.palantir.acme:stencil-app-bundle",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250906.52"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250709.54"
}
]
},
{
"product": "com.palantir.acme:dossier-app",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"status": "unaffected",
"version": "100.30250709.54"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30250906.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).\n\n\nOn deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.\n\n\nOn deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:10:00.918Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f"
}
],
"source": {
"defect": [
"PLTRSEC-2025-49"
],
"discovery": "INTERNAL"
},
"title": "Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-62487",
"datePublished": "2026-01-09T21:17:37.023Z",
"dateReserved": "2025-10-15T00:02:28.438Z",
"dateUpdated": "2026-01-14T19:10:00.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-30971 (GCVE-0-2023-30971)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:34 – Updated: 2025-12-19 18:00
Title
Gaia unauthenticated endpoints
Summary
The Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-592 - This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.acme.gaia:gaia | Unaffected: 100.231009.45 , < * (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:24:29.023190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T18:00:30.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.gaia:gaia",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231009.45",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:34:19.437Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"
}
],
"source": {
"defect": [
"PLTRSEC-2024-37"
],
"discovery": "INTERNAL"
},
"title": "Gaia unauthenticated endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30971",
"datePublished": "2025-12-19T16:34:19.437Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-12-19T18:00:30.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49587 (GCVE-0-2024-49587)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:33 – Updated: 2026-02-26 16:07
Title
Glutton V1 endpoints missing authentication
Summary
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks. This could have allowed users without any permission to hit the Glutton backend directly and read, update, or delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham instances.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.gotham:glutton | Unaffected: 105.95.0 , < * (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-20T04:56:48.131550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:24.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:glutton",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "105.95.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:33:22.971Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11"
}
],
"source": {
"defect": [
"PLTRSEC-2024-43"
],
"discovery": "INTERNAL"
},
"title": "Glutton V1 endpoints missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49587",
"datePublished": "2025-12-19T16:33:22.971Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2026-02-26T16:07:24.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53710 (GCVE-0-2025-53710)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:05 – Updated: 2025-12-18 21:39
Title
Network boundaries not respected in certain Foundry namespaces.
Summary
Due to a product misconfiguration in certain deployment types, it was possible for different pods in the same namespace to communicate with each other. This issue resulted in a bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.compute:compute-service | Unaffected: 0.1372.0 , < * (semver) |
| Palantir | com.palantir.codeassist2:code-assist-proxy | Unaffected: 2.1289.0 , < * (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:39:40.921425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:39:48.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.compute:compute-service",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.1372.0",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.codeassist2:code-assist-proxy",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.1289.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:05:51.588Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4dbae101-79da-433c-8184-c70b78f4701b"
}
],
"source": {
"defect": [
"PLTRSEC-2025-50"
],
"discovery": "EXTERNAL"
},
"title": "Network boundaries not respected in certain Foundry namespaces."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53710",
"datePublished": "2025-12-18T21:05:51.588Z",
"dateReserved": "2025-07-08T20:15:13.449Z",
"dateUpdated": "2025-12-18T21:39:48.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64400 (GCVE-0-2025-64400)
Vulnerability from cvelistv5 – Published: 2025-12-18 19:32 – Updated: 2025-12-18 19:48
Title
Insufficient permission checks when pre-enrolling users Summary
Summary
Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.controlpanel:control-panel | Unaffected: 1.1395.1; Unaffected: 1.1384.1; Unaffected: 1.1401.0 , < * (semver); Affected: * , < 1.1401.0 (semver); Unaffected: 1.1346.1; Unaffected: 1.1352.1; Unaffected: 1.1352.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T19:47:57.678748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:48:40.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.controlpanel:control-panel",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "1.1395.1"
},
{
"status": "unaffected",
"version": "1.1384.1"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "1.1401.0",
"versionType": "semver"
},
{
"lessThan": "1.1401.0",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.1346.1"
},
{
"status": "unaffected",
"version": "1.1352.1"
},
{
"status": "unaffected",
"version": "1.1352.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Control Panel provides an API for pre-registering into an enrollment and organization prior to a user\u0027s first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:32:30.241Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=52a9fd2f-1868-48cb-af01-93c589160e19"
}
],
"source": {
"defect": [
"PLTRSEC-2025-51"
],
"discovery": "INTERNAL"
},
"title": "Insufficient permission checks when pre-enrolling users Summary"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-64400",
"datePublished": "2025-12-18T19:32:30.241Z",
"dateReserved": "2025-10-31T16:12:53.455Z",
"dateUpdated": "2025-12-18T19:48:40.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53709 (GCVE-0-2025-53709)
Vulnerability from cvelistv5 – Published: 2025-07-10 18:38 – Updated: 2025-07-10 19:00
Title
Access control issues impacting secure-upload service
Summary
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments.
Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.
Authenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.
An endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.
Finally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.
The affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Palantir | com.palantir.secupload:secure-upload | Affected: * , < 0.815.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T19:00:09.941437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:00:21.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.secupload:secure-upload",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.815.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.\n\nUnder specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.\nAuthenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.\nAn endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.\nFinally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.\n\nThe affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:38:31.861Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/285.html"
}
],
"source": {
"defect": [],
"discovery": "INTERNAL"
},
"title": "Access control issues impacting secure-upload service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53709",
"datePublished": "2025-07-10T18:38:31.861Z",
"dateReserved": "2025-07-08T20:11:55.448Z",
"dateUpdated": "2025-07-10T19:00:21.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49589 (GCVE-0-2024-49589)
Vulnerability from cvelistv5 – Published: 2025-02-18 17:18 – Updated: 2025-02-18 18:11
VLAI
Title
Foundry artifacts denial of service
Summary
Foundry Artifacts was found to be vulnerable to a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument (size).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.artifacts:artifacts | Affected: * , < 0.1337.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:25:31.152997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:26:15.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.artifacts:artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.1337.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)."
}
],
"impacts": [
{
"capecId": "CAPEC-572",
"descriptions": [
{
"lang": "en",
"value": "An adversary modifies file contents by adding data to files for several reasons. Many different attacks could follow this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T18:11:28.932Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3"
}
],
"source": {
"defect": [
"PLTRSEC-2024-48"
],
"discovery": "INTERNAL"
},
"title": "Foundry artifacts denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49589",
"datePublished": "2025-02-18T17:18:41.883Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2025-02-18T18:11:28.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49581 (GCVE-0-2024-49581)
Vulnerability from cvelistv5 – Published: 2024-12-02 20:26 – Updated: 2024-12-02 20:46
VLAI
Title
Access control issue impacting RV backed objects
Summary
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries, nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service has been patched and automatically deployed to all Apollo-managed Foundry instances.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:external-artifacts | Affected: * , < 105.115.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T20:46:08.213429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:46:18.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:external-artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "105.115.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn\u0027t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. \nThe affected service have been patched and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:26:15.350Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b60db1ee-4b1a-475d-848e-c5a670a0da16"
}
],
"source": {
"defect": [
"PLTRSEC-2024-47"
],
"discovery": "INTERNAL"
},
"title": "Access control issue impacting RV backed objects"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49581",
"datePublished": "2024-12-02T20:26:15.350Z",
"dateReserved": "2024-10-16T19:09:45.688Z",
"dateUpdated": "2024-12-02T20:46:18.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49588 (GCVE-0-2024-49588)
Vulnerability from cvelistv5 – Published: 2024-11-21 19:59 – Updated: 2024-11-27 16:13
VLAI
Title
Multiple authenticated SQL injections in oracle-sidecar
Summary
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | Affected: * , < 0.544.0 (semver); Affected: 0.347.0 , < * (semver) | |
| oracle | oracle-sidecar | Affected: 0.347.0 , < 0.544.0 (semver); cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oracle-sidecar",
"vendor": "oracle",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:36:09.668611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:13:10.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input."
}
]
},
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:59:45.456Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c"
},
{
"url": "https://cwe.mitre.org/data/definitions/89.html"
}
],
"source": {
"defect": [
"PLTRSEC-2024-46"
],
"discovery": "INTERNAL"
},
"title": "Multiple authenticated SQL injections in oracle-sidecar"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49588",
"datePublished": "2024-11-21T19:59:45.456Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2024-11-27T16:13:10.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30968 (GCVE-0-2023-30968)
Vulnerability from cvelistv5 – Published: 2024-03-12 19:39 – Updated: 2024-08-21 15:33
VLAI
Title
Stored XSS in gaia
Summary
One of the Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross-site scripting payload on the stack.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.acme.gaia:gaia | Unaffected: 100.240108.11 , < * (semver); Unaffected: 100.240203.6 , < * (semver); Unaffected: 100.230807.13 , < * (semver); Unaffected: 100.240205.0-12-gf415217 , < * (semver); Unaffected: 100.231108.82 , < * (semver); Unaffected: 100.231009.47 , < * (semver); Unaffected: 100.240202.9 , < * (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:33:22.486616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:33:34.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.gaia:gaia",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240108.11",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240203.6",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.230807.13",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240205.0-12-gf415217",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231108.82",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231009.47",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240202.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T19:39:24.226Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"source": {
"defect": [
"PLTRSEC-2024-36"
],
"discovery": "INTERNAL"
},
"title": "Stored XSS in gaia"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30968",
"datePublished": "2024-03-12T19:39:24.226Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-08-21T15:33:34.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22836 (GCVE-0-2023-22836)
Vulnerability from cvelistv5 – Published: 2024-01-29 18:50 – Updated: 2025-06-17 21:29
VLAI
Title
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Summary
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.skywise:guardian | Affected: * , < 2.278.0 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T17:40:00.781341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.skywise:guardian",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.278.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:50:37.543Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"source": {
"defect": [
"PLTRSEC-2023-11"
],
"discovery": "EXTERNAL"
},
"title": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22836",
"datePublished": "2024-01-29T18:50:37.543Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2025-06-17T21:29:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30970 (GCVE-0-2023-30970)
Vulnerability from cvelistv5 – Published: 2024-01-29 18:27 – Updated: 2025-05-29 15:08
VLAI
Title
Gotham table and Forward App Path traversal
Summary
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:blackbird-witchcraft | Affected: * , < 104.30231002.10 (semver); Affected: * , < 104.30231001.8 (semver); Affected: * , < 104.30230807.59 (semver); Affected: * , < 104.30230908.21 (semver); Affected: * , < 103.30230304.433 (semver); Affected: * , < 104.30230604.81 (semver); Affected: * , < 104.30231003.9 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:41.629289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:08:34.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:blackbird-witchcraft",
"vendor": "Palantir",
"versions": [
{
"lessThan": "104.30231002.10",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231001.8",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230807.59",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230908.21",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "103.30230304.433",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230604.81",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231003.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \"/abs/path\" that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:27:26.850Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"source": {
"defect": [
"PLTRSEC-2023-37"
],
"discovery": "INTERNAL"
},
"title": "Gotham table and Forward App Path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30970",
"datePublished": "2024-01-29T18:27:26.850Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-05-29T15:08:34.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30954 (GCVE-0-2023-30954)
Vulnerability from cvelistv5 – Published: 2023-11-15 19:43 – Updated: 2024-08-29 14:49
VLAI
Title
Gotham Video Broken Authentication
Summary
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.video:video-application-server | Affected: * , < 2.206.1 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:41:20.646899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:49:41.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.video:video-application-server",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.206.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T19:43:36.051Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"source": {
"defect": [
"PLTRSEC-2023-12"
],
"discovery": "INTERNAL"
},
"title": "Gotham Video Broken Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30954",
"datePublished": "2023-11-15T19:43:36.051Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-08-29T14:49:41.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30967 (GCVE-0-2023-30967)
Vulnerability from cvelistv5 – Published: 2023-10-25 23:18 – Updated: 2024-09-10 16:39
Title
Gotham Orbital Simulator path traversal
Summary
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
- CWE-287 - When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.meta:orbital-simulator | Affected: * , < 0.692.0 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:38:52.522165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T16:39:11.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.meta:orbital-simulator",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.692.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. "
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:18:23.681Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"source": {
"defect": [
"PLTRSEC-2023-36"
],
"discovery": "INTERNAL"
},
"title": "Gotham Orbital Simulator path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30967",
"datePublished": "2023-10-25T23:18:23.681Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-09-10T16:39:11.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-68609 (GCVE-0-2025-68609)
Vulnerability from nvd – Published: 2026-01-22 19:06 – Updated: 2026-01-22 19:33
Title
Authentication bypass in Aries due to misconfiguration
Summary
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.aries:aries | Unaffected: 1.554.0 , < * (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T19:29:47.910483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:33:36.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.aries:aries",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.554.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Palantir\u0027s Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, potentially allowing any network-accessible client to view system logs and perform operations without valid credentials. No evidence of exploitation was identified during the vulnerability window."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T19:06:05.914Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=955a313a-1735-48a6-9fb4-e10404f14eb5"
}
],
"source": {
"defect": [
"PLTRSEC-2025-53"
],
"discovery": "INTERNAL"
},
"title": "Authentication bypass in Aries due to misconfiguration"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-68609",
"datePublished": "2026-01-22T19:06:05.914Z",
"dateReserved": "2025-12-19T12:56:08.266Z",
"dateUpdated": "2026-01-22T19:33:36.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62487 (GCVE-0-2025-62487)
Vulnerability from nvd – Published: 2026-01-09 21:17 – Updated: 2026-01-14 19:10
Title
Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
Summary
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).
On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.
On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.acme:gotham-default-apps-bundle | Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30250808.87; Unaffected: 100.30250908.1; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30250709.54; Unaffected: 100.30250907.11; Unaffected: 100.30250507.88; Unaffected: 100.30251001.1; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250906.52 | |
| Palantir | com.palantir.acme:stencil-app-bundle | Unaffected: 100.30250907.11; Unaffected: 100.30250507.88; Unaffected: 100.30250908.1; Unaffected: 100.30250808.87; Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30251001.1; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250906.52; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30250709.54 | |
| Palantir | com.palantir.acme:dossier-app | Unaffected: 100.30250907.11; Affected: 100.30250502.0 , < 100.30251002.0 (semver); Unaffected: 100.30251001.1; Unaffected: 100.30250808.87; Unaffected: * , < 100.30250502.0 (semver); Unaffected: 100.30250908.1; Unaffected: 100.30250709.54; Unaffected: 100.30251002.0 , < * (semver); Unaffected: 100.30250507.88; Unaffected: 100.30250906.52 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T21:36:19.288885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T21:36:29.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme:gotham-default-apps-bundle",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250709.54"
},
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250906.52"
}
]
},
{
"product": "com.palantir.acme:stencil-app-bundle",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250906.52"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250709.54"
}
]
},
{
"product": "com.palantir.acme:dossier-app",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "100.30250907.11"
},
{
"lessThan": "100.30251002.0",
"status": "affected",
"version": "100.30250502.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30251001.1"
},
{
"status": "unaffected",
"version": "100.30250808.87"
},
{
"lessThan": "100.30250502.0",
"status": "unaffected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250908.1"
},
{
"status": "unaffected",
"version": "100.30250709.54"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.30251002.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "100.30250507.88"
},
{
"status": "unaffected",
"version": "100.30250906.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations).\n\n\nOn deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue.\n\n\nOn deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the default authorization rules defined in the Auth Chooser configuration. On most environments, it is expected that the default authorization rules only add the Everyone group."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:10:00.918Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f"
}
],
"source": {
"defect": [
"PLTRSEC-2025-49"
],
"discovery": "INTERNAL"
},
"title": "Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-62487",
"datePublished": "2026-01-09T21:17:37.023Z",
"dateReserved": "2025-10-15T00:02:28.438Z",
"dateUpdated": "2026-01-14T19:10:00.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-30971 (GCVE-0-2023-30971)
Vulnerability from nvd – Published: 2025-12-19 16:34 – Updated: 2025-12-19 18:00
Title
Gaia unauthenticated endpoints
Summary
Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-592 - This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.acme.gaia:gaia | Unaffected: 100.231009.45 , < * (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:24:29.023190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T18:00:30.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.gaia:gaia",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231009.45",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:34:19.437Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"
}
],
"source": {
"defect": [
"PLTRSEC-2024-37"
],
"discovery": "INTERNAL"
},
"title": "Gaia unauthenticated endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30971",
"datePublished": "2025-12-19T16:34:19.437Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-12-19T18:00:30.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49587 (GCVE-0-2024-49587)
Vulnerability from nvd – Published: 2025-12-19 16:33 – Updated: 2026-02-26 16:07
Title
Glutton V1 endpoints missing authentication
Summary
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:glutton | Unaffected: 105.95.0 , < * (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-20T04:56:48.131550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:24.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:glutton",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "105.95.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:33:22.971Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11"
}
],
"source": {
"defect": [
"PLTRSEC-2024-43"
],
"discovery": "INTERNAL"
},
"title": "Glutton V1 endpoints missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49587",
"datePublished": "2025-12-19T16:33:22.971Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2026-02-26T16:07:24.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53710 (GCVE-0-2025-53710)
Vulnerability from nvd – Published: 2025-12-18 21:05 – Updated: 2025-12-18 21:39
Title
Network boundaries not respected in certain Foundry namespaces.
Summary
Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.compute:compute-service | Unaffected: 0.1372.0 , < * (semver) | |
| Palantir | com.palantir.codeassist2:code-assist-proxy | Unaffected: 2.1289.0 , < * (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:39:40.921425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:39:48.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.compute:compute-service",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.1372.0",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.codeassist2:code-assist-proxy",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.1289.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:05:51.588Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4dbae101-79da-433c-8184-c70b78f4701b"
}
],
"source": {
"defect": [
"PLTRSEC-2025-50"
],
"discovery": "EXTERNAL"
},
"title": "Network boundaries not respected in certain Foundry namespaces."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53710",
"datePublished": "2025-12-18T21:05:51.588Z",
"dateReserved": "2025-07-08T20:15:13.449Z",
"dateUpdated": "2025-12-18T21:39:48.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64400 (GCVE-0-2025-64400)
Vulnerability from nvd – Published: 2025-12-18 19:32 – Updated: 2025-12-18 19:48
Title
Insufficient permission checks when pre-enrolling users Summary
Summary
Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.controlpanel:control-panel | Unaffected: 1.1395.1; Unaffected: 1.1384.1; Unaffected: 1.1401.0 , < * (semver); Affected: * , < 1.1401.0 (semver); Unaffected: 1.1346.1; Unaffected: 1.1352.1; Unaffected: 1.1352.5 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T19:47:57.678748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:48:40.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.controlpanel:control-panel",
"vendor": "Palantir",
"versions": [
{
"status": "unaffected",
"version": "1.1395.1"
},
{
"status": "unaffected",
"version": "1.1384.1"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "1.1401.0",
"versionType": "semver"
},
{
"lessThan": "1.1401.0",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.1346.1"
},
{
"status": "unaffected",
"version": "1.1352.1"
},
{
"status": "unaffected",
"version": "1.1352.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Control Panel provides an API for pre-registering into an enrollment and organization prior to a user\u0027s first login. The API for creating users checks that the account requesting a user creation has `edit` on the enrollment-level user directory, but is missing a separate check that the enrollment editor has access (or belongs to) the organization that they are adding a user to."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:32:30.241Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=52a9fd2f-1868-48cb-af01-93c589160e19"
}
],
"source": {
"defect": [
"PLTRSEC-2025-51"
],
"discovery": "INTERNAL"
},
"title": "Insufficient permission checks when pre-enrolling users Summary"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-64400",
"datePublished": "2025-12-18T19:32:30.241Z",
"dateReserved": "2025-10-31T16:12:53.455Z",
"dateUpdated": "2025-12-18T19:48:40.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53709 (GCVE-0-2025-53709)
Vulnerability from nvd – Published: 2025-07-10 18:38 – Updated: 2025-07-10 19:00
VLAI
Title
Access control issues impacting secure-upload service
Summary
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments.
Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.
Authenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.
An endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.
Finally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.
The affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.secupload:secure-upload | Affected: * , < 0.815.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T19:00:09.941437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T19:00:21.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.secupload:secure-upload",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.815.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments.\n\nUnder specific circumstances, privileged users of secure-upload could have selected email templates not necessarily created for their enrollment when sending data upload requests.\nAuthenticated and privileged users of one enrollment could have abused an endpoint to redirect existing submission channels to a dataset they control.\nAn endpoint handling domain validation allowed unauthenticated users to enumerate existing enrollments.\nFinally, other endpoints allowed enumerating if a resource with a known RID exists across enrollments.\n\nThe affected service has been patched with version 0.815.0 and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T18:38:31.861Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/285.html"
}
],
"source": {
"defect": [],
"discovery": "INTERNAL"
},
"title": "Access control issues impacting secure-upload service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53709",
"datePublished": "2025-07-10T18:38:31.861Z",
"dateReserved": "2025-07-08T20:11:55.448Z",
"dateUpdated": "2025-07-10T19:00:21.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49589 (GCVE-0-2024-49589)
Vulnerability from nvd – Published: 2025-02-18 17:18 – Updated: 2025-02-18 18:11
VLAI
Title
Foundry artifacts denial of service
Summary
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to the disk potentially being filled up based on a user-supplied argument (size).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.artifacts:artifacts | Affected: * , < 0.1337.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:25:31.152997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:26:15.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.artifacts:artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.1337.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)."
}
],
"impacts": [
{
"capecId": "CAPEC-572",
"descriptions": [
{
"lang": "en",
"value": "An adversary modifies file contents by adding data to files for several reasons. Many different attacks could follow this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T18:11:28.932Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3"
}
],
"source": {
"defect": [
"PLTRSEC-2024-48"
],
"discovery": "INTERNAL"
},
"title": "Foundry artifacts denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49589",
"datePublished": "2025-02-18T17:18:41.883Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2025-02-18T18:11:28.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49581 (GCVE-0-2024-49581)
Vulnerability from nvd – Published: 2024-12-02 20:26 – Updated: 2024-12-02 20:46
VLAI
Title
Access control issue impacting RV backed objects
Summary
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries, nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service has been patched and automatically deployed to all Apollo-managed Foundry instances.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:external-artifacts | Affected: * , < 105.115.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T20:46:08.213429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:46:18.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:external-artifacts",
"vendor": "Palantir",
"versions": [
{
"lessThan": "105.115.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn\u0027t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. \nThe affected service have been patched and automatically deployed to all Apollo-managed Foundry instances."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T20:26:15.350Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b60db1ee-4b1a-475d-848e-c5a670a0da16"
}
],
"source": {
"defect": [
"PLTRSEC-2024-47"
],
"discovery": "INTERNAL"
},
"title": "Access control issue impacting RV backed objects"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49581",
"datePublished": "2024-12-02T20:26:15.350Z",
"dateReserved": "2024-10-16T19:09:45.688Z",
"dateUpdated": "2024-12-02T20:46:18.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49588 (GCVE-0-2024-49588)
Vulnerability from nvd – Published: 2024-11-21 19:59 – Updated: 2024-11-27 16:13
VLAI
Title
Multiple authenticated SQL injections in oracle-sidecar
Summary
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | Affected: * , < 0.544.0 (semver); Affected: 0.347.0 , < * (semver) | |
| oracle | oracle-sidecar | Affected: 0.347.0 , < 0.544.0 (semver); cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:oracle-sidecar:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oracle-sidecar",
"vendor": "oracle",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:36:09.668611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:13:10.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.544.0",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "0.347.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input."
}
]
},
{
"capecId": "CAPEC-108",
"descriptions": [
{
"lang": "en",
"value": "An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:59:45.456Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c"
},
{
"url": "https://cwe.mitre.org/data/definitions/89.html"
}
],
"source": {
"defect": [
"PLTRSEC-2024-46"
],
"discovery": "INTERNAL"
},
"title": "Multiple authenticated SQL injections in oracle-sidecar"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49588",
"datePublished": "2024-11-21T19:59:45.456Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2024-11-27T16:13:10.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30968 (GCVE-0-2023-30968)
Vulnerability from nvd – Published: 2024-03-12 19:39 – Updated: 2024-08-21 15:33
VLAI
Title
Stored XSS in gaia
Summary
One of the Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross-site scripting payload on the stack.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.acme.gaia:gaia | Unaffected: 100.240108.11 , < * (semver); Unaffected: 100.240203.6 , < * (semver); Unaffected: 100.230807.13 , < * (semver); Unaffected: 100.240205.0-12-gf415217 , < * (semver); Unaffected: 100.231108.82 , < * (semver); Unaffected: 100.231009.47 , < * (semver); Unaffected: 100.240202.9 , < * (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:33:22.486616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:33:34.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.acme.gaia:gaia",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240108.11",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240203.6",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.230807.13",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240205.0-12-gf415217",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231108.82",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.231009.47",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "100.240202.9",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T19:39:24.226Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
}
],
"source": {
"defect": [
"PLTRSEC-2024-36"
],
"discovery": "INTERNAL"
},
"title": "Stored XSS in gaia"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30968",
"datePublished": "2024-03-12T19:39:24.226Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-08-21T15:33:34.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22836 (GCVE-0-2023-22836)
Vulnerability from nvd – Published: 2024-01-29 18:50 – Updated: 2025-06-17 21:29
VLAI
Title
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Summary
In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.skywise:guardian | Affected: * , < 2.278.0 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T17:40:00.781341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:16.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.skywise:guardian",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.278.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/CR:H/IR:H/AR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "The product does not perform an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:50:37.543Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=f9bf67ef-be15-4f87-a526-bf6064e8f682"
}
],
"source": {
"defect": [
"PLTRSEC-2023-11"
],
"discovery": "EXTERNAL"
},
"title": "In cases where a multi-tenant stack user is operating Foundry\u2019s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack\u2019s tenants."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-22836",
"datePublished": "2024-01-29T18:50:37.543Z",
"dateReserved": "2023-01-06T21:43:46.848Z",
"dateUpdated": "2025-06-17T21:29:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30970 (GCVE-0-2023-30970)
Vulnerability from nvd – Published: 2024-01-29 18:27 – Updated: 2025-05-29 15:08
VLAI
Title
Gotham table and Forward App Path traversal
Summary
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-36 - The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:blackbird-witchcraft | Affected: * , < 104.30231002.10 (semver); Affected: * , < 104.30231001.8 (semver); Affected: * , < 104.30230807.59 (semver); Affected: * , < 104.30230908.21 (semver); Affected: * , < 103.30230304.433 (semver); Affected: * , < 104.30230604.81 (semver); Affected: * , < 104.30231003.9 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:41.629289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:08:34.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:blackbird-witchcraft",
"vendor": "Palantir",
"versions": [
{
"lessThan": "104.30231002.10",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231001.8",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230807.59",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230908.21",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "103.30230304.433",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30230604.81",
"status": "affected",
"version": "*",
"versionType": "semver"
},
{
"lessThan": "104.30231003.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \"/abs/path\" that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T18:27:26.850Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72"
}
],
"source": {
"defect": [
"PLTRSEC-2023-37"
],
"discovery": "INTERNAL"
},
"title": "Gotham table and Forward App Path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30970",
"datePublished": "2024-01-29T18:27:26.850Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2025-05-29T15:08:34.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30954 (GCVE-0-2023-30954)
Vulnerability from nvd – Published: 2023-11-15 19:43 – Updated: 2024-08-29 14:49
Title
Gotham Video Broken Authentication
Summary
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-285 - The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.video:video-application-server | Affected: * , < 2.206.1 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:41:20.646899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:49:41.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.video:video-application-server",
"vendor": "Palantir",
"versions": [
{
"lessThan": "2.206.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\u0027s functionality; particularly URL\u0027s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-15T19:43:36.051Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567"
}
],
"source": {
"defect": [
"PLTRSEC-2023-12"
],
"discovery": "INTERNAL"
},
"title": "Gotham Video Broken Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30954",
"datePublished": "2023-11-15T19:43:36.051Z",
"dateReserved": "2023-04-21T10:39:02.385Z",
"dateUpdated": "2024-08-29T14:49:41.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30967 (GCVE-0-2023-30967)
Vulnerability from nvd – Published: 2023-10-25 23:18 – Updated: 2024-09-10 16:39
Title
Gotham Orbital Simulator path traversal
Summary
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
- CWE-287 - When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.meta:orbital-simulator | Affected: * , < 0.692.0 (semver) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:24.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:38:52.522165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T16:39:11.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.meta:orbital-simulator",
"vendor": "Palantir",
"versions": [
{
"lessThan": "0.692.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. "
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \"..\" to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access."
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \\) and/or dots (.)) to reach desired directories or files."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T23:18:23.681Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79"
}
],
"source": {
"defect": [
"PLTRSEC-2023-36"
],
"discovery": "INTERNAL"
},
"title": "Gotham Orbital Simulator path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2023-30967",
"datePublished": "2023-10-25T23:18:23.681Z",
"dateReserved": "2023-04-21T11:42:33.501Z",
"dateUpdated": "2024-09-10T16:39:11.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}