Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for com.palantir.artifacts:artifacts by Palantir

    CVE-2024-49589 (GCVE-0-2024-49589)

    Vulnerability from nvd – Published: 2025-02-18 17:18 – Updated: 2025-02-18 18:11
    VLAI
    Title
    Foundry artifacts denial of service
    Summary
    Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.artifacts:artifacts Affected: * , < 0.1337.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:25:31.152997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:26:15.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.artifacts:artifacts",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "0.1337.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-572",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary modifies file contents by adding data to files for several reasons. Many different attacks could follow this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-18T18:11:28.932Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-48"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Foundry artifacts denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2024-49589",
        "datePublished": "2025-02-18T17:18:41.883Z",
        "dateReserved": "2024-10-16T19:09:45.689Z",
        "dateUpdated": "2025-02-18T18:11:28.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49589 (GCVE-0-2024-49589)

    Vulnerability from cvelistv5 – Published: 2025-02-18 17:18 – Updated: 2025-02-18 18:11
    VLAI
    Title
    Foundry artifacts denial of service
    Summary
    Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.artifacts:artifacts Affected: * , < 0.1337.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:25:31.152997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:26:15.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.artifacts:artifacts",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "0.1337.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size)."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-572",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An adversary modifies file contents by adding data to files for several reasons. Many different attacks could follow this pattern resulting in numerous outcomes. Adding data to a file could also result in a Denial of Service condition for devices with limited storage capacity."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-18T18:11:28.932Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=ad6b08b1-2f79-4e32-b125-406dd2b9b1c3"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2024-48"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Foundry artifacts denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2024-49589",
        "datePublished": "2025-02-18T17:18:41.883Z",
        "dateReserved": "2024-10-16T19:09:45.689Z",
        "dateUpdated": "2025-02-18T18:11:28.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }