Palantir

4 exploits Active since Jun 2022
CVE-2022-27889 WRITEUP MEDIUM WRITEUP
Palantir Foundry Multipass < 3.647.0 - Denial of Service via Authentication/Authorization Operations
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CVSS 5.3
CVE-2022-27893 WRITEUP MEDIUM WRITEUP
osisoft-pi-web-connector 0.15.0-0.43.0 - Sensitive Information Exposure via Log File
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
CVSS 4.2
CVE-2022-27894 WRITEUP MEDIUM WRITEUP
Foundry Blobster 3.207.0-3.227.0 - Cross-Site Scripting
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0.
CVSS 4.8
CVE-2022-27896 WRITEUP MEDIUM WRITEUP
Palantir Foundry Code-Workbooks 4.144.0-4.460.0 - Foundry Token Exposure in Service Logs
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
CVSS 4.2