Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Gotham Security Vulnerabilities - 2023

cve
cve

CVE-2022-27891

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services...

5.3CVSS

5.5AI Score

0.001EPSS

2023-02-16 04:15 PM
23
cve
cve

CVE-2022-27892

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.

7.5CVSS

7.5AI Score

0.001EPSS

2023-02-16 04:15 PM
23
cve
cve

CVE-2022-27897

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.

7.5CVSS

7.5AI Score

0.001EPSS

2023-02-16 04:15 PM
13