Lucene search

[email protected]CVE-2022-27897

HistoryFeb 16, 2023 - 4:15 p.m.

CVE-2022-27897

2023-02-1616:15:12

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-27897

palantir gotham

unauthenticated endpoint

memory exhaustion

zip files

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.8%

JSON

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.

Affected configurations

NVD

Node

palantirgothamRange<3.22.11.2

CPENameOperatorVersion
palantir:gothampalantir gothamlt3.22.11.2

CPE	Name	Operator	Version
palantir:gotham	palantir gotham	lt	3.22.11.2

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Gotham",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.22.11.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-12.md

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.8%

JSON

Related for CVE-2022-27897

nvd1 cvelist1 prion1