CVE-2024-49589 Foundry artifacts denial of service

Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument size...

CVE-2024-49581 Access control issue impacting RV backed objects

Restricted Views backed objects OSV1 could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVE-2024-49581 Access control issue impacting RV backed objects

Restricted Views backed objects OSV1 could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available...

CVE-2024-49581

CVE-2024-49581 affects Palantir Foundry (Apollo-managed Foundry instances). A software bug in Restricted Views backed objects (OSV1) could be bypassed under specific circumstances, allowing users without permission to view such objects via the Object Explorer. The issue did not enable cross-organ...

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...