CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack. • https://palantir.safebase.us/?tcuUid=fe021f28-9e25-42c4-acd8-772cd8006ced • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. • https://palantir.safebase.us/?tcuUid=bbc1772c-e10a-45cc-b89f-48cc1a8b2cfc • CWE-346: Origin Validation Error • CWE-1173: Improper Use of Validation Framework

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0. • https://palantir.safebase.us/?tcuUid=40367943-738c-4e69-b852-4a503c77478a • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required. • https://palantir.safebase.us/?tcuUid=115d9bf4-201f-4cfe-b2fc-219e3a2d945b • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required. • https://palantir.safebase.us/?tcuUid=3c6b63b7-fb67-4202-a94a-9c83515efb8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-82: Improper Neutralization of Script in Attributes of IMG Tags in a Web Page