CVE-2023-30952 – Foundry Issues reporterPath phishing by parameter injection
https://notcve.org/view.php?id=CVE-2023-30952
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. • https://palantir.safebase.us/?tcuUid=42bdb7fa-9a6d-4462-b89d-cabc62f281f4 • CWE-20: Improper Input Validation
CVE-2023-22833 – Mandatory control bypass in Lime2
https://notcve.org/view.php?id=CVE-2023-22833
Palantir Foundry deployments running Lime2 versions between 2.519.0 and 2.532.0 were vulnerable to a bug that allowed authenticated users within a Foundry organization to bypass discretionary or mandatory access controls under certain circumstances. • https://palantir.safebase.us/?tcuUid=7f1fd834-805d-4679-85d0-9d779fa064ae • CWE-304: Missing Critical Step in Authentication • CWE-863: Incorrect Authorization