Palantir Security Team

3 exploits Active since Feb 2023
CVE-2022-27891 WRITEUP MEDIUM WRITEUP
Palantir Gotham < 3.22.10.4 - Information Disclosure
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.
CVSS 5.3
CVE-2022-27892 WRITEUP MEDIUM WRITEUP
Palantir Gotham < 3.22.11.2 - Improper Input Validation
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
CVSS 5.3
CVE-2022-27897 WRITEUP MEDIUM WRITEUP
Palantir Gotham < 3.22.11.2 - Improper Input Validation
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
CVSS 5.3