Filtered by vendor Palantir
Subscriptions
Total
33 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30960 | 1 Palantir | 1 Foundry Job-tracker | 2024-08-02 | 4.3 Medium |
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. | ||||
CVE-2023-30956 | 1 Palantir | 1 Foundry Comments | 2024-08-02 | 5.3 Medium |
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. | ||||
CVE-2023-30946 | 1 Palantir | 1 Foundry Issues | 2024-08-02 | 3.5 Low |
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | ||||
CVE-2023-30949 | 1 Palantir | 1 Slate | 2024-08-02 | 4.3 Medium |
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | ||||
CVE-2023-30948 | 1 Palantir | 1 Foundry Comments | 2024-08-02 | 6.5 Medium |
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time. | ||||
CVE-2023-30951 | 1 Palantir | 1 Magritte-rest-source-bundle | 2024-08-02 | 6.3 Medium |
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). | ||||
CVE-2023-30945 | 1 Palantir | 3 Clips2, Video Clip Distributor, Video History Service | 2024-08-02 | 9.8 Critical |
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. | ||||
CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2024-08-02 | 6.5 Medium |
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint | ||||
CVE-2023-30952 | 1 Palantir | 1 Foundry | 2024-08-02 | 5 Medium |
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 . | ||||
CVE-2023-30955 | 1 Palantir | 1 Foundry Workspace-server | 2024-08-02 | 4.3 Medium |
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0. | ||||
CVE-2023-22833 | 1 Palantir | 1 Foundry | 2024-08-02 | 7.6 High |
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. | ||||
CVE-2023-22835 | 1 Palantir | 2 Foundry Frontend, Foundry Issues | 2024-08-02 | 7.7 High |
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. | ||||
CVE-2023-22834 | 1 Palantir | 1 Contour | 2024-08-02 | 2.7 Low |
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. |