Vulnerabilities in Palantir

47 results
CVE-2023-30961 | MEDIUM | Palantir Gotham UI bug that could lead to incorrect data classification | EPSS 0.4%
CVE-2023-30958 | MEDIUM | DOM XSS in Developer mode dashboard via redirect GET parameter | EPSS 0.3%
CVE-2023-30950 | MEDIUM | CVE-2023-30950 | EPSS 0.3%
CVE-2023-30946 | LOW | Issues notification metadata lacks authorization | EPSS 0.3%
CVE-2023-30960 | MEDIUM | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | EPSS 0.3%
CVE-2022-27894 | MEDIUM | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability. | EPSS 0.3%
CVE-2023-30963 | MEDIUM | Stored XSS in Foundry Slate Query Dropdown menu | EPSS 0.3%
CVE-2023-30962 | MEDIUM | Stored XSS in cerberus attachments | EPSS 0.3%
CVE-2023-30955 | MEDIUM | Foundry workspace-server Developer Mode Authorization Bypass | EPSS 0.3%
CVE-2023-30959 | MEDIUM | Stored XSS via javascript URI in Apollo Change Requests comment | EPSS 0.3%
CVE-2023-30954 | LOW | Gotham Video Broken Authentication | EPSS 0.3%
CVE-2023-22834 | LOW | The contour service was not checking that users had permission to create an analysis for a given dataset | EPSS 0.3%
CVE-2024-49588 | MEDIUM | Multiple authenticated SQL injections in oracle-sidecar | EPSS 0.3%
CVE-2024-49587 | CRITICAL | Glutton V1 endpoints missing authentication | EPSS 0.3%
CVE-2023-22836 | LOW | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants. | EPSS 0.3%
CVE-2022-48306 | MEDIUM | Gotham Chat IRC help does not validate hostnames in TLS certificates | EPSS 0.3%
CVE-2025-53710 | HIGH | Network boundaries not respected in certain Foundry namespaces. | EPSS 0.2%
CVE-2022-27888 | MEDIUM | The Foundry Issues service was found to be logging in a manner that captured session tokens. | EPSS 0.2%
CVE-2022-27890 | MEDIUM | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory | EPSS 0.2%
CVE-2022-48307 | MEDIUM | It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactor | EPSS 0.2%