Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for com.palantir.acme.gaia:gaia by Palantir

    CVE-2023-30971 (GCVE-0-2023-30971)

    Vulnerability from nvd – Published: 2025-12-19 16:34 – Updated: 2025-12-19 18:00
    VLAI
    Title
    Gaia unauthenticated endpoints
    Summary
    Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-592 - This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.acme.gaia:gaia Unaffected: 100.231009.45 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:29.023190Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:30.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.acme.gaia:gaia",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231009.45",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T16:34:19.437Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-37"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Gaia unauthenticated endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30971",
        "datePublished": "2025-12-19T16:34:19.437Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2025-12-19T18:00:30.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-30968 (GCVE-0-2023-30968)

    Vulnerability from nvd – Published: 2024-03-12 19:39 – Updated: 2024-08-21 15:33
    VLAI
    Title
    Stored XSS in gaia
    Summary
    One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.acme.gaia:gaia Unaffected: 100.240108.11 , < * (semver)
    Unaffected: 100.240203.6 , < * (semver)
    Unaffected: 100.230807.13 , < * (semver)
    Unaffected: 100.240205.0-12-gf415217 , < * (semver)
    Unaffected: 100.231108.82 , < * (semver)
    Unaffected: 100.231009.47 , < * (semver)
    Unaffected: 100.240202.9 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:24.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:33:22.486616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:33:34.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.acme.gaia:gaia",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240108.11",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240203.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.230807.13",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240205.0-12-gf415217",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231108.82",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231009.47",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240202.9",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-12T19:39:24.226Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-36"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Stored XSS in gaia"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30968",
        "datePublished": "2024-03-12T19:39:24.226Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2024-08-21T15:33:34.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30971 (GCVE-0-2023-30971)

    Vulnerability from cvelistv5 – Published: 2025-12-19 16:34 – Updated: 2025-12-19 18:00
    VLAI
    Title
    Gaia unauthenticated endpoints
    Summary
    Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-592 - This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.acme.gaia:gaia Unaffected: 100.231009.45 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:24:29.023190Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T18:00:30.734Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.acme.gaia:gaia",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231009.45",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T16:34:19.437Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-37"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Gaia unauthenticated endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30971",
        "datePublished": "2025-12-19T16:34:19.437Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2025-12-19T18:00:30.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-30968 (GCVE-0-2023-30968)

    Vulnerability from cvelistv5 – Published: 2024-03-12 19:39 – Updated: 2024-08-21 15:33
    VLAI
    Title
    Stored XSS in gaia
    Summary
    One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.acme.gaia:gaia Unaffected: 100.240108.11 , < * (semver)
    Unaffected: 100.240203.6 , < * (semver)
    Unaffected: 100.230807.13 , < * (semver)
    Unaffected: 100.240205.0-12-gf415217 , < * (semver)
    Unaffected: 100.231108.82 , < * (semver)
    Unaffected: 100.231009.47 , < * (semver)
    Unaffected: 100.240202.9 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:24.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:33:22.486616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:33:34.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.acme.gaia:gaia",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240108.11",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240203.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.230807.13",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240205.0-12-gf415217",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231108.82",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.231009.47",
                  "versionType": "semver"
                },
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "100.240202.9",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently \"stored\" within the data storage of a vulnerable web application as valid input."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\u0027s environment.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-12T19:39:24.226Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=01589957-ed41-4c74-90a0-3f09f7aee1cb"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-36"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Stored XSS in gaia"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30968",
        "datePublished": "2024-03-12T19:39:24.226Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2024-08-21T15:33:34.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }