Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for com.palantir.tiles:tiles by Palantir

    CVE-2023-30969 (GCVE-0-2023-30969)

    Vulnerability from nvd – Published: 2023-10-25 23:16 – Updated: 2024-09-10 16:40
    VLAI
    Title
    Palantir Tiles missing authentication on API endpoints
    Summary
    The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.tiles:tiles Affected: * , < 4.326.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:24.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T16:40:33.249053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T16:40:49.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.tiles:tiles",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "4.326.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Palantir Tiles1 service was  found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T23:16:06.131Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2023-35"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Palantir Tiles missing authentication on API endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30969",
        "datePublished": "2023-10-25T23:16:06.131Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2024-09-10T16:40:49.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30969 (GCVE-0-2023-30969)

    Vulnerability from cvelistv5 – Published: 2023-10-25 23:16 – Updated: 2024-09-10 16:40
    VLAI
    Title
    Palantir Tiles missing authentication on API endpoints
    Summary
    The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
    Assigner
    Impacted products
    Vendor Product Version
    Palantir com.palantir.tiles:tiles Affected: * , < 4.326.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:24.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T16:40:33.249053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T16:40:49.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "com.palantir.tiles:tiles",
              "vendor": "Palantir",
              "versions": [
                {
                  "lessThan": "4.326.0",
                  "status": "affected",
                  "version": "*",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Palantir Tiles1 service was  found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T23:16:06.131Z",
            "orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
            "shortName": "Palantir"
          },
          "references": [
            {
              "url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7"
            }
          ],
          "source": {
            "defect": [
              "PLTRSEC-2023-35"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Palantir Tiles missing authentication on API endpoints"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
        "assignerShortName": "Palantir",
        "cveId": "CVE-2023-30969",
        "datePublished": "2023-10-25T23:16:06.131Z",
        "dateReserved": "2023-04-21T11:42:33.501Z",
        "dateUpdated": "2024-09-10T16:40:49.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }