Vulmon
palantir gotham vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-30970
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system.
Palantir Gotham Blackbird-witchcraft
Palantir Gotham Static-assets-servlet
5.3
CVSSv3
CVE-2022-27891
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade al...
Palantir Gotham
7.5
CVSSv3
CVE-2022-27897
Palantir Gotham versions before 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
Palantir Gotham
7.5
CVSSv3
CVE-2022-27892
Palantir Gotham versions before 3.22.11.2 included an unauthenticated endpoint that would have allowed a malicious user to exhaust the memory of the Gotham dispatch service.
Palantir Gotham
5.4
CVSSv3
CVE-2023-30962
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58.
Palantir Gotham Cerberus
6.8
CVSSv3
CVE-2022-48306
Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow ...
Palantir Gotham Chat Irc
6.1
CVSSv3
CVE-2023-30961
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
Palantir Titanium-browser-app-bundle
Palantir Gotham-fe-bundle
7.5
CVSSv3
CVE-2023-30967
Gotham Orbital-Simulator service before 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
Palantir Orbital Simulator
3.7
CVSSv3
CVE-2023-30954
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized.
Palantir Video-application-server