CVE-2022-27896 – The Foundry Code-Workbooks service was found to contain an issue leading to information disclosure.
https://notcve.org/view.php?id=CVE-2022-27896
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks: the endpoint backing the Code-Workbooks Python console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
Reference: https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md
CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-27894 – The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability.
https://notcve.org/view.php?id=CVE-2022-27894
The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0.
Reference: https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-04.md
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27889 – The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations.
https://notcve.org/view.php?id=CVE-2022-27889
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
Reference: https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-02.md
CWE-400: Uncontrolled Resource Consumption
CWE-913: Improper Control of Dynamically-Managed Code Resources
CVE-2022-27888 – The Foundry Issues service was found to be logging in a manner that captured session tokens.
https://notcve.org/view.php?id=CVE-2022-27888
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
Reference: https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-01.md
CWE-532: Insertion of Sensitive Information into Log File