Page 6 of 33 results (0.006 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. • https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-14.md • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. • https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-10.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. • https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-11.md • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. Vulnerabilidad de exposición de información a través de archivos de registro descubierta en Foundry cuando los registros se capturaron utilizando una librería subyacente conocida como Build2. Este problema estaba presente en versiones anteriores a la 1.785.0. • https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-06.md • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. Vulnerabilidad de exposición de información a través de archivos de registro descubierta en Foundry Code-Workbooks donde el endpoint que respalda esa consola generaba registros de servicio de cualquier código Python que se estuviera ejecutando. • https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md • CWE-532: Insertion of Sensitive Information into Log File •