CVE-2023-30961 – Palantir Gotham UI bug that could lead to incorrect data classification
https://notcve.org/view.php?id=CVE-2023-30961
Palantir Gotham was found to be vulnerable to a bug where, under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. • https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8bdf-f95ef3692da4 • CWE-710: Improper Adherence to Coding Standards CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2023-30959 – Stored XSS via javascript URI in Apollo Change Requests comment
https://notcve.org/view.php?id=CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript: URI link that, when rendered, results in an XSS that requires user interaction. • https://palantir.safebase.us/?tcuUid=4c257f07-58af-4532-892a-bdbe8ab3ec63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •
CVE-2023-30962 – Stored XSS in cerberus attachments
https://notcve.org/view.php?id=CVE-2023-30962
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58. • https://palantir.safebase.us/?tcuUid=92dd599a-07e2-43a8-956a-9c9566794be0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
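The CWE-434 pairing above points at the usual root cause of stored XSS through attachments: an uploaded HTML or SVG file is later served from the application's own origin with a type the browser will render. The following is an added example, not Cerberus code or anything from Palantir's advisory, of the response headers a download endpoint should emit so that such a file is downloaded as an opaque blob instead of rendered. The content-type lists and the function names are assumptions for this example.

```javascript
// Added example, not Cerberus code: headers for serving a stored attachment so
// that an uploaded HTML/SVG file cannot run script on the application origin.
// Types a browser will execute script from when they are rendered inline.
const ACTIVE_CONTENT_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml", "application/xml",
]);
// The only types this example ever renders inline, and only when the caller asks.
const INLINE_SAFE_TYPES = new Set(["image/png", "image/jpeg", "image/gif", "application/pdf"]);

// "image/png; charset=binary" -> "image/png"
function normalizeType(declared) {
  return String(declared || "").split(";")[0].trim().toLowerCase();
}

// Drop directory components, control characters and double quotes so the name
// cannot break out of the Content-Disposition value or smuggle a second header.
function sanitizeFilename(name) {
  const base = String(name).split(/[\\/]/).pop();
  const cleaned = base.replace(/[\x00-\x1f\x7f"]/g, "").trim();
  return cleaned || "download";
}

// RFC 6266 disposition: an ASCII fallback in filename= plus a UTF-8 filename*.
function contentDisposition(disposition, filename) {
  const safe = sanitizeFilename(filename);
  const ascii = safe.replace(/[^\x20-\x7e]/g, "_");
  return `${disposition}; filename="${ascii}"; filename*=UTF-8''${encodeURIComponent(safe)}`;
}

// Returns the header set for one attachment response. The stored file's declared
// type is untrusted: it came from the uploader.
function attachmentHeaders(filename, declaredType, { inline = false } = {}) {
  const type = normalizeType(declaredType);
  // Anything script-bearing (or untyped) is served as an opaque byte stream.
  const contentType = !type || ACTIVE_CONTENT_TYPES.has(type) ? "application/octet-stream" : type;
  const renderInline = inline && INLINE_SAFE_TYPES.has(contentType);
  return {
    "Content-Type": contentType,
    "Content-Disposition": contentDisposition(renderInline ? "inline" : "attachment", filename),
    // Stop the browser from sniffing text/html out of the bytes.
    "X-Content-Type-Options": "nosniff",
    // Defence in depth: if the document is rendered anyway, it gets no script
    // and runs in a sandboxed, opaque origin.
    "Content-Security-Policy": "default-src 'none'; sandbox",
  };
}
```

Serving uploads from a separate, cookieless origin is the stronger fix; the headers above are what keeps the attachment inert when it must be served from the application host.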
CVE-2023-30952 – Foundry Issues reporterPath phishing by parameter injection
https://notcve.org/view.php?id=CVE-2023-30952
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. • https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4 • CWE-20: Improper Input Validation •
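Both CVE-2023-30959 (a javascript: URI in a comment link) and CVE-2023-30952 (a request parameter turned into a phishing link) are the same class of defect: a user-supplied URL reaches a link without being parsed and checked. The following is an added example, not code from Palantir or from either advisory, showing both checks with the WHATWG URL parser rather than string matching: a scheme allowlist for comment links, and a same-origin check for a path parameter. APP_ORIGIN, the allowed-scheme list and the function names are assumptions for this example; the advisories do not describe the internal parameter handling.

```javascript
// Added example, not Palantir code. Two URL checks built on the WHATWG URL parser:
//   safeLinkHref - for links inside user comments: allowlist the scheme
//   inAppPath    - for a path parameter such as reporterPath: stay on our origin
// APP_ORIGIN and ALLOWED_LINK_SCHEMES are assumptions for this example.
const APP_ORIGIN = "https://app.example.invalid";
const ALLOWED_LINK_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// The HTML parser decodes character references in attribute values before the
// browser sees the href, so validate the decoded value, not the raw text.
// Handles numeric references (&#58; and &#x3a;); a full decoder would also
// handle named ones such as &colon;.
function decodeNumericEntities(text) {
  return String(text).replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (match, num) => {
    const cp = /^x/i.test(num) ? parseInt(num.slice(1), 16) : parseInt(num, 10);
    return cp >= 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// A blocklist on the raw string: here only to show what it misses.
function naiveBlocksJavascriptUri(raw) {
  return /^\s*javascript:/i.test(raw);
}

// Returns a normalized href that is safe to put in an <a>, or null to drop the link.
function safeLinkHref(raw) {
  let url;
  try {
    // The parser removes ASCII tab/newline, trims surrounding whitespace and
    // lowercases the scheme, so "java\tscript:" and " JaVaScRiPt:" both end up
    // with protocol "javascript:". Relative links resolve against APP_ORIGIN.
    url = new URL(decodeNumericEntities(raw), APP_ORIGIN + "/");
  } catch {
    return null;
  }
  return ALLOWED_LINK_SCHEMES.has(url.protocol) ? url.href : null;
}

// Returns path + query + fragment if the value stays on APP_ORIGIN, else null.
function inAppPath(raw) {
  const value = String(raw);
  if (!value.startsWith("/")) return null; // absolute path only: no scheme, no bare host
  let url;
  try {
    url = new URL(value, APP_ORIGIN + "/");
  } catch {
    return null;
  }
  // "//evil.example" and "/\evil.example" both parse to another host;
  // comparing origins catches every such variant the parser understands.
  if (url.origin !== APP_ORIGIN) return null;
  return url.pathname + url.search + url.hash;
}
```

Use the value the function returns, not the original input: the parser has already normalized whitespace, case and percent-encoding, so the checked string and the emitted string are the same one.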
CVE-2023-30950 – Unauthenticated information disclosure in a Foundry campaigns REST endpoint
https://notcve.org/view.php?id=CVE-2023-30950
The Foundry campaigns service was found to be vulnerable to unauthenticated information disclosure in a REST endpoint. • https://palantir.safebase.us/?tcuUid=d839709d-c50f-4a37-8faa-b0c35054418a • CWE-290: Authentication Bypass by Spoofing CWE-862: Missing Authorization •