Known Vulnerabilities for products from Palantir
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Palantir".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-30969 json | The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authenticat... | 6.5 - MEDIUM | 2023-10-26 | 2023-11-07 |
| CVE-2023-30967 json | Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenti... | 7.5 - HIGH | 2023-10-26 | 2023-11-07 |
| CVE-2023-30963 json | A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's ... | 5.4 - MEDIUM | 2023-07-10 | 2023-11-07 |
| CVE-2023-30962 json | The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an at... | 5.4 - MEDIUM | 2023-09-12 | 2023-11-07 |
| CVE-2023-30961 json | Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an inc... | 6.1 - MEDIUM | 2023-09-27 | 2023-11-07 |
| CVE-2023-30960 json | A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources t... | 4.3 - MEDIUM | 2023-07-10 | 2023-11-07 |
| CVE-2023-30959 json | In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an ... | 5.4 - MEDIUM | 2023-09-27 | 2023-11-07 |
| CVE-2023-30956 json | A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted ... | 5.3 - MEDIUM | 2023-07-10 | 2023-11-07 |
| CVE-2023-30955 json | A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view se... | 5.4 - MEDIUM | 2023-06-29 | 2023-11-07 |
| CVE-2023-30954 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.7 - LOW | 2023-11-15 | 2023-11-22 |
| CVE-2023-30952 json | A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the requ... | 4.3 - MEDIUM | 2023-08-03 | 2023-11-07 |
| CVE-2023-30951 json | The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). | 6.5 - MEDIUM | 2023-08-03 | 2023-11-07 |
| CVE-2023-30950 json | The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | 5.9 - MEDIUM | 2023-08-03 | 2023-11-07 |
| CVE-2023-30949 json | A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could... | 5.3 - MEDIUM | 2023-07-26 | 2023-11-07 |
| CVE-2023-30948 json | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by... | 6.5 - MEDIUM | 2023-06-06 | 2023-11-07 |
| CVE-2023-30946 json | A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have acce... | 4.3 - MEDIUM | 2023-06-29 | 2023-11-07 |
| CVE-2023-30945 json | Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerab... | 9.8 - CRITICAL | 2023-06-26 | 2023-11-07 |
| CVE-2023-22835 json | A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting ma... | 7.7 - HIGH | 2023-07-10 | 2023-11-07 |
| CVE-2023-22834 json | The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an... | 4.3 - MEDIUM | 2023-06-27 | 2023-11-07 |
| CVE-2023-22833 json | Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authentica... | 6.5 - MEDIUM | 2023-06-06 | 2023-11-07 |