13 matches found

EUVD
added 2025/12/19 4:33 p.m. · 1 views

EUVD-2024-55358

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users that did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...

CVSS 9.1 · AI score 6.5 · EPSS 0.00054
Exploits 0 · References 2
Vulnrichment
added 2025/12/19 4:33 p.m. · 1 views

CVE-2024-49587 Glutton V1 endpoints missing authentication

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users that did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed...

CVSS 9.1 · AI score 6.6 · EPSS 0.00054
Exploits 0 · References 1
CVE
added 2025/12/19 4:33 p.m. · 6 views

CVE-2024-49587

CVE-2024-49587 concerns Glutton V1: unauthenticated endpoints on Gotham stacks could let attackers access backend data (read/update/delete). The issue is confirmed across Red Hat/NVD/CVE listings and related feeds, with a documented root cause of exposed service endpoints and no user authenticati...

CVSS 9.1 · AI score 6.6 · EPSS 0.00054
Exploits 0 · References 1
RedhatCVE
added 2025/07/12 7:24 p.m. · 5 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4 · AI score 7.3 · EPSS 0.0015
Exploits 0 · References 1
NVD
added 2025/02/18 6:15 p.m. · 8 views

CVE-2024-49589

Foundry Artifacts was found to be vulnerable to a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument size...

CVSS 6.5 · EPSS 0.00106
Exploits 0 · References 1
CVE
added 2025/02/18 5:18 p.m. · 44 views

CVE-2024-49589

Foundry Artifacts is affected by a Denial of Service via disk exhaustion caused by a user-supplied size argument. The PT-2025-6701 entry notes the affected versions are not specified and provides no fix information; no exploit details are described in the provided documents. Monitor for updates.

CVSS 6.5 · AI score 6.4 · EPSS 0.00106
Exploits 0 · References 1
Vulnrichment
added 2025/02/18 5:18 p.m. · 16 views

CVE-2024-49589 Foundry artifacts denial of service

Foundry Artifacts was found to be vulnerable to a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument size...

CVSS 6.5 · AI score 6.4 · EPSS 0.00106
Exploits 0 · References 1
NVD
added 2024/12/02 9:15 p.m. · 18 views

CVE-2024-49581

Restricted Views backed objects OSV1 could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVSS 6.5 · EPSS 0.00071
Exploits 0 · References 1
Cvelist
added 2024/12/02 8:26 p.m. · 19 views

CVE-2024-49581 Access control issue impacting RV backed objects

Restricted Views backed objects OSV1 could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVSS 6.5 · EPSS 0.00071
Exploits 0 · References 1
Vulnrichment
added 2024/12/02 8:26 p.m. · 9 views

CVE-2024-49581 Access control issue impacting RV backed objects

Restricted Views backed objects OSV1 could be bypassed under specific circumstances due to a software bug; this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVSS 6.5 · AI score 6.6 · EPSS 0.00071
Exploits 0 · References 1
NVD
added 2023/02/16 4:15 p.m. · 8 views

CVE-2022-27891

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected servic...

CVSS 5.3 · AI score 5.5 · EPSS 0.00203
Exploits 0 · References 1
Cvelist
added 2023/02/16 12:0 a.m. · 12 views

CVE-2022-27891 Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session.

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected servic...

CVSS 5.3 · AI score 5.8 · EPSS 0.00203
Exploits 0 · References 1
Positive Technologies
added 2023/02/16 12:0 a.m. · 1 views

PT-2023-12921 · Palantir · Palantir Gotham

Name of the Vulnerable Software and Affected Versions: Palantir Gotham versions prior to 103.30221005.0
Description: The issue concerns an unauthenticated endpoint in Palantir Gotham that lists all active usernames on the stack with an active session. The affected services have been patched and...

CVSS 5.3 · AI score 5.3 · EPSS 0.00203
Exploits 0 · References 4