Palantir — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Palantir. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Palantir Technologies primarily develops software platforms for data integration, analysis, and decision-making, serving government agencies and large enterprises. With forty-seven recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has frequently involved remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex web interfaces and backend data processing components, allowing attackers to potentially bypass authentication or execute arbitrary commands. Notable security characteristics include the inherent risks associated with handling sensitive, classified, or proprietary data, which makes successful exploitation particularly damaging. While specific major public breaches are less documented compared to consumer tech firms, the high-value nature of its client base necessitates rigorous security postures. The recurring nature of these CVEs highlights the challenges of securing large-scale, integrated data ecosystems against sophisticated threat actors seeking access to critical information infrastructure.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-22834 | The contour service was not checking that users had permission to create an analysis for a given dataset | com.palantir.contour:contour-dispatch | CWE-425 | 2.7 | Low | 2023-06-26 |
| CVE-2023-30945 | CVE-2023-30945 | com.palantir.gotham:clips2 | CWE-287 | 9.8 | Critical | 2023-06-26 |
| CVE-2023-22833 | Mandatory control bypass in Lime2 | com.palantir.lime:lime2 | CWE-304 | 7.6 | High | 2023-06-06 |
| CVE-2023-30948 | Retrieval of Attachments to Comments lacks Authorization | com.palantir.comments:comments | CWE-285 | 6.5 | Medium | 2023-06-06 |
| CVE-2022-48308 | Palantir trust management issue vulnerability | sls-logging | CWE-297 | 6.3 | Medium | 2023-02-16 |
| CVE-2022-27890 | Palantir trust management issue vulnerability | AtlasDB | CWE-297 | 6.3 | Medium | 2023-02-16 |
| CVE-2022-27891 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session. | Gotham | CWE-200 | 5.3 | Medium | 2023-02-16 |
| CVE-2022-27892 | Palantir Gotham included an endpoint that would log arbitrary sized payloads. | Gotham | CWE-20 | 5.3 | Medium | 2023-02-16 |
| CVE-2022-27897 | Palantir Gotham included an endpoint that would log arbitrary sized zip files. | Gotham | CWE-20 | 5.3 | Medium | 2023-02-16 |
| CVE-2022-48306 | Gotham Chat IRC help does not validate hostnames in TLS certificates | Palantir Gotham Chat IRC helper | CWE-297 | 5.7 | Medium | 2023-02-16 |
| CVE-2022-48307 | Palantir trust management issue vulnerability | Foundry Magritte | CWE-297 | 6.3 | Medium | 2023-02-16 |
| CVE-2022-27895 | A component in Foundry logging was found to be capturing sensitive information in logs. | Foundry Build2 | CWE-532 | 4.2 | Medium | 2022-11-15 |
| CVE-2022-27896 | The Foundry Code-Workbooks service was found to contain an issue leading to information disclosure. | Foundry Code-Workbooks | CWE-532 | 4.2 | Medium | 2022-11-14 |
| CVE-2022-27894 | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability. | Foundry Blobster Service | CWE-79 | 4.8 | Medium | 2022-11-04 |
| CVE-2022-27893 | The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. | Foundry Magritte plugin osisoft-pi-web-connector | CWE-532 | 4.2 | Medium | 2022-11-04 |
| CVE-2022-27889 | The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations. | Foundry Multipass | CWE-400 | 5.3 | Medium | 2022-06-14 |
| CVE-2022-27888 | The Foundry Issues service was found to be logging in a manner that captured session tokens. | Foundry Issues | CWE-532 | 5.5 | Medium | 2022-04-26 |

This page lists every published CVE security advisory associated with Palantir. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.