3 matches found
CVE-2025-62487
CVE-2025-62487 affects Palantir Dossier and Slides apps (Dossier front-end). Root cause: a May 2025 change intended to enable cross-artifact file sharing caused uploads to not be properly marked with security levels. In CBAC-enabled deployments, a security picker dialog lets users set the level, ...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts e.g...