Vendor CVEs
Palace
All CVEs
34 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2024-49587 | Critical | 0.59 | 9.1 | 0.00 | Dec 19, 2025 | Glutton V1 service endpoints were exposed without any authentication on Gotham stacks. This could have allowed users that did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to… |
| CVE-2023-30969 | High | 0.53 | 8.2 | 0.00 | Oct 26, 2023 | The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. |
| CVE-2023-22835 | High | 0.50 | 7.7 | 0.01 | Jul 10, 2023 | A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry… |
| CVE-2025-53710 | High | 0.49 | 7.5 | 0.00 | Dec 18, 2025 | Due to a product misconfiguration in certain deployment types, it was possible for different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that… |
| CVE-2023-22833 | High | 0.49 | 7.6 | 0.00 | Jun 6, 2023 | Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. |
| CVE-2024-49588 | Medium | 0.44 | 6.8 | 0.00 | Nov 21, 2024 | Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections. |
| CVE-2023-30968 | Medium | 0.44 | 6.8 | 0.00 | Mar 12, 2024 | One of the Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross-site scripting payload on the stack. |
| CVE-2023-30970 | Medium | 0.42 | 6.5 | 0.01 | Jan 29, 2024 | Gotham Table service and Forward App were found to be vulnerable to a path traversal issue allowing an authenticated user to read arbitrary files on the file system. |
| CVE-2023-30961 | Medium | 0.42 | 6.5 | 0.00 | Sep 27, 2023 | Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. |
| CVE-2023-30948 | Medium | 0.42 | 6.5 | 0.01 | Jun 6, 2023 | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to… |
| CVE-2023-30951 | Medium | 0.41 | 6.3 | 0.00 | Aug 3, 2023 | The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. |
| CVE-2022-48308 | Medium | 0.41 | 6.3 | 0.00 | Feb 16, 2023 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful… |
| CVE-2022-48307 | Medium | 0.41 | 6.3 | 0.00 | Feb 16, 2023 | It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful… |
| CVE-2022-27890 | Medium | 0.41 | 6.3 | 0.00 | Feb 16, 2023 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful… |
| CVE-2022-48306 | Medium | 0.37 | 5.7 | 0.00 | Feb 16, 2023 | Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows a malicious attacker in a privileged network position to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow… |
| CVE-2022-27888 | Medium | 0.36 | 5.5 | 0.00 | Apr 26, 2022 | Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. |
| CVE-2025-53709 | Medium | 0.35 | 5.4 | 0.00 | Jul 10, 2025 | Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates… |
| CVE-2023-30963 | Medium | 0.35 | 5.4 | 0.00 | Jul 10, 2023 | A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry… |
| CVE-2023-30956 | Medium | 0.34 | 5.3 | 0.00 | Jul 10, 2023 | A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. |
| CVE-2022-27897 | Medium | 0.34 | 5.3 | 0.01 | Feb 16, 2023 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch… |
| CVE-2022-27892 | Medium | 0.34 | 5.3 | 0.01 | Feb 16, 2023 | Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. |
| CVE-2022-27891 | Medium | 0.34 | 5.3 | 0.00 | Feb 16, 2023 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade… |
| CVE-2023-30952 | Medium | 0.33 | 5.0 | 0.00 | Aug 3, 2023 | A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. |
| CVE-2023-30958 | Medium | 0.31 | 4.7 | 0.00 | Aug 3, 2023 | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. |
| CVE-2022-27894 | Medium | 0.31 | 4.8 | 0.00 | Nov 4, 2022 | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. |
| CVE-2023-30960 | Medium | 0.28 | 4.3 | 0.00 | Jul 10, 2023 | A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry… |
| CVE-2023-30955 | Medium | 0.28 | 4.3 | 0.00 | Jun 29, 2023 | A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This gave users with insufficient privilege the ability to view and interact with Developer Mode settings in a… |
| CVE-2023-30959 | Medium | 0.27 | 4.1 | 0.00 | Sep 27, 2023 | In Apollo change requests, comments added by users could contain a JavaScript URI link that, when rendered, results in an XSS that requires user interaction. |
| CVE-2022-27896 | Medium | 0.27 | 4.2 | 0.00 | Nov 14, 2022 | Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks… |
| CVE-2022-27893 | Medium | 0.27 | 4.2 | 0.00 | Nov 4, 2022 | The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 were found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. |
| CVE-2025-62487 | Low | 0.23 | 3.5 | 0.00 | Jan 9, 2026 | On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among… |
| CVE-2023-22836 | Low | 0.23 | 3.5 | 0.00 | Jan 29, 2024 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants. |
| CVE-2023-30946 | Low | 0.23 | 3.5 | 0.00 | Jun 29, 2023 | A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue,… |
| CVE-1999-0343 | | 0.00 | — | 0.01 | Oct 2, 1998 | A malicious Palace server can force a client to execute arbitrary programs. |