ReportizFlow
Filtered by vendor Palantir
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30954 | 1 Palantir | 1 Video-application-server | 2024-11-21 | 2.7 Low |
| The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized. | ||||
| CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-11-21 | 5 Medium |
| A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | ||||
| CVE-2023-30951 | 1 Palantir | 1 Magritte-rest-source-bundle | 2024-11-21 | 6.3 Medium |
| The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). | ||||
| CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2024-11-21 | 6.5 Medium |
| The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | ||||
| CVE-2023-30949 | 1 Palantir | 1 Slate | 2024-11-21 | 4.3 Medium |
| A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | ||||
| CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | 3.5 Low |
| A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | ||||
| CVE-2023-22835 | 1 Palantir | 2 Foundry Frontend, Foundry Issues | 2024-11-21 | 7.7 High |
| A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. | ||||
| CVE-2023-22834 | 1 Palantir | 1 Contour | 2024-11-21 | 2.7 Low |
| The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. | ||||
| CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2024-11-21 | 4.2 Medium |
| Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | ||||
| CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2024-11-21 | 4.2 Medium |
| Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | ||||
| CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2024-11-21 | 4.8 Medium |
| The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | ||||
| CVE-2022-27889 | 1 Palantir | 1 Foundry Multipass | 2024-11-21 | 5.3 Medium |
| The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. | ||||
| CVE-2022-27888 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | 5.5 Medium |
| Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. | ||||