Headline
CVE-2023-30956: Palantir | Trust and Security Portal
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
Palantir Security Bulletin - PLTRSEC-2023-11
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-11
CVE: CVE-2023-22836
Affected Products / Versions: guardian, versions less than 2.278.0
Publication Date: June 2, 2023
Summary
In cases where a multi-tenant stack user is operating Foundry’s Guardian service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
Background
Foundry Guardian is a Foundry service for creating and managing resources in a centralized and standardized way.
Details
A pull request was merged on Feb 17th 2023 which caused Foundry’s Guardian service to not respect tenant boundaries when listing group names (typically these will be the names of customers). This data is considered sensitive and should not be shared between tenants. The issue was resolved on Feb 23rd with the release of version 6.202.0.
Remediation
Upgrade the guardian service to 2.278.0 or higher
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A
Security Response
Incidents
Copy link
CVE-2023-34362****Background
On June 2nd, Progress MOVEit disclosed a vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database. This vulnerability, disclosed as CVE-2023-34362, was rated as Critical (9.8 CVSSv3) and was exploited in the wild by various actors.
Palantir is not affected
Palantir is not affected by the Progress MOVEit vulnerability described in CVE-2023-34362.
Palantir has no reliance on this software in any of our environments. There is no action required for any of our customers.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-26
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-26
CVE: CVE-2023-30960
Affected Products / Versions: job-tracker, versions less than 4.645.0
Publication Date: June 29, 2023
Summary
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to.
Background
Foundry job-tracker is a service that provides a fast, permissioned cache of foundry builds and a build state UI.
Details
Foundry job-tracker provides several API endpoints to query metadata related to builds, and provides filters for those results such as underlying resource RIDs, time of creation and build status.
It was discovered that by replacing a RID in the filter with one the user did not have access to, they could still query build metadata for that resource if it existed. Furthermore, by removing all entries for the filter the service would return metadata for all build objects in its cache, including those that related to resources the user did not have access to.
Build metadata that was impacted includes: The RID of the build, the username and UUID of the build’s author, start and finish time of the build, the RIDs of the input and output datasets, Job metadata related to the build and Build Status.
Remediation
This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-28
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-28
CVE: CVE-2023-30963
Affected Products / Versions: foundry-frontend, versions less than 6.229.0
Publication Date: June 29, 2023
Summary
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry’s CSP were to be bypassed.
Background
Foundry Slate is an extensible WYSIWYG (“what you see is what you get”) web-based application used to quickly create interactive visualizations of aggregate enterprise data.
Details
When creating Queries in Slate, users have the ability to create folders to assist with organization. If a folder was created with an XSS payload as the name, it was discovered that when attempting to move a query into any folder using the dropdown menu, the XSS would be triggered. This XSS was blocked by Foundry’s CSP and would therefore require a CSP bypass to become effective.
Remediation
This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-27
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-27
CVE: CVE-2023-30958
Affected Products / Versions: foundry-frontend, versions less than 6.225.0
Publication Date: June 29, 2023
Summary
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed.
Background
Foundry Frontend’s Developer Mode allows users to interact with Foundry in a manner intended for technical users and developers on Foundry. A defect was identified in how the Frontend handles redirects from the Developer Mode page that enabled DOM XSS.
Details
The developer mode service implements a GET parameter ‘redirectTo’ that is used to determine what page should be navigated to when a user clicks the appropriate button in the UI.
It was found that Foundry Frontend used this parameter in conjunction with a sink without sanitization which could lead to DOM XSS attacks. The attack proof-of-concept was blocked by Foundry’s strict CSP which means that the vulnerability could not be utilized to effect without also finding a CSP bypass.
Remediation
This defect was resolved with the release of Foundry Frontend 6.225.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-15
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-15
CVE: CVE-2023-30946
Affected Products / Versions: issues, versions less than 2.497.0
Publication Date: June 26, 2023
Summary
A security defect was identified in Foundry Issues that enabled users to retrieve Issue metadata from Foundry’s notification API if they were assigned to an issue but did not have access to it.
Background
Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources.
Details
If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry’s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
Remediation
This defect was resolved with the release of issues-service 2.497.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-23
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-23
CVE: CVE-2023-30955
Affected Products / Versions: workspace, versions less than 7.7.0
Publication Date: June 26, 2023
Summary
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode’.
Background
Workspace ‘Developer Mode’ is a feature set in Foundry that affords privileged users the ability to interact with the Foundry Platform in a technical manner. Features include the ability to preview work-in-progress changes via a commit preview function and toggling in-development client-side features in the platform.
Details
An authorization check is made to discern whether or not a user should be entitled to view settings related to Developer Mode when requested. On a failure to authorize, the user would be presented with a UI prompt explaining they were not entitled to view the feature set. It was discovered that by using an intercepting proxy to edit inbound traffic related to the UI, a user could trick the frontend into rendering the prohibited features allowing them to browse and interact with Developer mode in a limited capacity.
Remediation
This defect was resolved with the release of workspace-server 7.7.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-20
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-20
CVE: CVE-2023-30951
Affected Products / Versions: magritte-rest-source-bundle, versions less than 7.210.0
Publication Date: June 26, 2023
Summary
The magritte rest-source plugin prior to version 7.210.0 is vulnerable to an XML external Entity (XXE) attack.
Background
Foundry can integrate with external systems that expose a REST API. The REST API source may be used for workflows requiring interactive HTTP requests to external systems directly from Foundry applications via Actions. For example, you can create a Workshop application with a button that uses a webhook to calls a REST endpoint when clicked, connecting that application to existing workflows and source systems.
Details
Magritte rest-source plugin, specifically the XML extractor that performs XML response extraction from an HTTP endpoint response was found to be vulnerable to an XXE exploit which could have allowed a malicious user to exfiltrate sensitive files from inside the magritte agent.
Remediation
On Palantir-managed environments, the following services have been upgraded to patched versions which properly validate the XML document and safely parses it by disallowing external DTD. Customers which manage their own environments without Apollo should reach out to their forward deployed engineer or other Palantir POC.
Magritte-rest source if it is in use, to version >= 7.210.0 (Foundry only)
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A
PLTRSEC-2023-25
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-25
CVE: CVE-2023-22835
Affected Products / Versions: foundry-frontend, versions less than 6.228.0; issues, versions less than 2.510.0
Publication Date: June 26, 2023
Summary
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants.
Background
Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources. Issues have a state that shows at what stage in the management lifecycle they are currently in. Issues can be open or closed, but they also may be waiting for a response from the reporter for example.
Details
When an action is performed in an Issue such as making a comment or changing an Issue state, the record of the Issue is updated with the values that changed to keep a historical log of actions made. It was discovered that when making a request to change the state of any Issue a user could modify the state in an unexpected manner, and the malformed state would be persisted in the Issue record.
When Foundry Frontend attempted to render the Issue with the tainted Record, an exception would be thrown which resulted in a loss of functionality in Foundry Frontend when browsing the Issues app for all assignees of that Issue.
Remediation
This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. The services were rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-21
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-21
CVE: CVE-2023-30950
Affected Products / Versions: campaigns, versions less than 0.623.0
Publication Date: June 26, 2023
Summary
Foundry Campaigns versions prior to 0.623.0 included an unauthenticated endpoint that would have allowed an attacker to disclose a private campaign without authentication.
Background
On June 8th, 2023 , it was discovered that an endpoint in foundry campaigns service could return details about a campaign without authentication/authorization. An attacker would need to know a target campaign ID and then query the vulnerable endpoint to return information about the campaign.
Details
The Campaigns app allows deployment teams to create (via an intuitive WYSIWYG interface) and schedule HTML email campaigns to dynamic end-user targets.
Remediation
The vulnerable endpoint was patched to require full authorization and authentication on the target resource. On Palantir-managed Foundry enrollments, the relevant services have been automatically upgraded to the fully-patched version.
Palantir Foundry - Customer hosted (without Apollo): Upgrade service to the following versions
Foundry Campaigns: 0.623.0
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-24
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-24
CVE: CVE-2023-30956
Affected Products / Versions: comments, versions less than 2.267.0
Publication Date: June 26, 2023
Summary
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment.
Background
Foundry Comments is a service that allows users to converse and collaborate within the context of a resource in the Foundry Platform.
Details
When uploading an attachment to a comment, the attachment is stored in Foundry’s primary datastore and a UUID representing it’s location is returned to the service.
When requesting to delete a comment with an attachment the UUID of the attachment is submitted as a part of the request to enable Foundry to display it as part of a confirmation prompt. It was discovered that a user could replace the UUID of the attachment they were attempting to delete in the original request with the UUID of an attachment they were targeting to discover it’s contents.
This would require the user to find the UUID of the targeted attachment, which is not trivial due to the nature of UUIDs.
Remediation
This defect was resolved with the release of Foundry Comments 2.267.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-12
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-12
CVE: CVE-2023-30954
Affected Products / Versions: N/A
Publication Date: June 9, 2023
Summary
Palantir Gotham’s video-application-server service contained a race condition which could result in classification markings not being applied to new videos.
Background
The video-application-server service is responsible for surfacing available videos and integrating them with the Gotham platform.
Details
If the Gotham video-application-server service’s source system had not yet initialized, it would assign new video feeds to a default collection with no classification markings. This could have caused videos to become viewable by users who would otherwise not have access.
Remediation
Upgrade video-application-server to 2.206.1 or higher
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A*
Palantir Security Bulletin - PLTRSEC-2023-09
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-09
CVE: CVE-2023-22834
Affected Products / Versions: N/A
Publication Date: April 21, 2023
Summary
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow them to clutter up Compass folders with extraneous analyses they would otherwise not have permission to create.
Background
Contour is a point-and-click data exploration, analysis and transformation tool. Contour enables users to work with their data in a visual and iterative fashion making and tweaking decisions based on what they see.
Details
On Jan 5th 2023, a pull request was merged that removed an authorization check from contour. Following this, users would be able to create Contour analysis even if they wouldn’t otherwise have permission. Users would still need authorization to access the underlying datasets for any analysis they created. The only known security impact is that users may have been able to clutter up folders by creating contour analyses in places they wouldn’t have otherwise have permission to do so. This change was discovered and remediated on April 14th.
Remediation
Upgrade Contour to 9.642.0 or higher
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-19
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-19
CVE: CVE-2023-30952
Affected Products / Versions: N/A
Publication Date: June 9, 2023
Summary
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. A fix was applied with Foundry Frontend 6.228.0 and rolled out to all affected Foundry instances.
Background
Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources. When creating an Issue in Foundry the request that is sent contains a ‘reporterPath’ parameter, the contents of which are used to create a URI that links to the location where the issue was raised. The contents of this are ultimately user controlled and can be changed to create realistic phishing links.
Details
No URI validation was performed on parameters submitted as part of the Issue creation request. Typically the submitted ‘reporterPath’ parameter is prefixed by the URI of the Foundry Deployment that the issue is raised on. By editing the ‘reporterPath’ parameter to include syntax related to HTTP basic auth, it was possible to generate a link that navigates to domains outside of Foundry that would still be prefixed by the Foundry Deployment URI, creating a phishing link that looks realistic.
Remediation
URIs are now checked on Issue submission to ensure they are correctly formatted, otherwise they are discarded. A fix has been applied to affected Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A*
Palantir Security Bulletin - PLTRSEC-2023-13
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-13
CVE: CVE-2023-30953
Affected Products / Versions: N/A
Publication Date: June 9, 2023
Summary
Users with edit access to Foundry magritte sources could cause configured secrets for that source to be logged
Background
Magritte is the primary service used to ingest data from external systems into Foundry.
Details
By configuring a magritte source with malformed YAML, a user with edit access could cause the service to produce error messages that would include configured secrets for the source. The secrets would then be accessible to anyone with access to logs from the relevant foundry deployment.
Remediation
Upgrade the following services:
- magritte-coordinator to 9.1100.0
- magritte-bootstrapper-bundle to 9.926.0
- magritte-transforms-extract-runner-bundle to 9.926.0
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A*
Palantir Security Bulletin - PLTRSEC-2023-08
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-08
CVE: CVE-2023-22837
Affected Products / Versions: N/A
Publication Date: June 9, 2023
Summary
The Delegated-Media Service does not validate that users have permission to access a media resource. If an authenticated user guesses or is given an s3 URL which the delegated-media host has access to, they will be able to access it via delegated-media even if they otherwise would not have permission.
Background
Delegated Media is a service used as part of Palantir Gotham to access external media, such as media stored in s3 buckets.
Details
The Delegated-Media Service was initially intended to be deployed with an additional authentication layer which would perform authorization checks. As the service is currently deployed, it could be used to bypass authorization checks for media by passing it a URL for an external media object that the Delegated-Media Service has access to. Delegated-media 1.0.0 adds an authorization check, resolving the issue.
Remediation
Upgrade to delegated-media 1.0.0
Timeline
2021-07-09: Gotham introduces S3-bucket support delegated media
2023-03-17: Authorization feature touchdown in delegated media
2023-03-22: SDI filed for delegated-media backed by S3
2023-01-17: Gotham/AppSec planning to improve delegated-media S3 access controls
2022-08-08: AppSec follow-up on delegated-media
2019-10-18: Initial approval for tests on staging stacks
2023-03-27: delegated-media 1.0.0 is released
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A*
Palantir Security Bulletin - PLTRSEC-2023-18
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-18
CVE: CVE-2023-30945
Affected Products / Versions: clips2, versions less than 0.111.2; video-clip-distributor, versions less than 0.24.10; video-history-server, versions less than 2.210.3
Publication Date: June 9, 2023
Summary
Multiple Services in video application server were vulnerable to an unauthenticated path traversal attack that resulted in an arbitrary file read/write/delete. The affected services have been patched and automatically deployed to all Apollo-managed Foundry instances.
Background
Video Application Server is a repository that hosts multiple services such as VHS (Video History Service), VCD(Video Clip Distributor) and DVD (Dummy video Distributor). …
video-application-server (VAS): Central video service that is responsible for surfacing available videos and integrating with the Gotham platform.
video-history-server (VHS): Service that is responsible for maintaining video archives and serving archived video.
dummy-video-distributor (DVD): Service that plays files on disk as live streams via ffmpeg or multicast.
Clips2 : Clips2 is built around a headless Chrome Browser and FFMPEG to support video clip exports
Details
On May 2nd, 2023 all of the services in VAS were found to be vulnerable to multiple unauthenticated path traversal issues due to missing validation on filenames which could have allowed a malicious user to read sensitive files on any of the impacted services filesystem or create/delete files as well.
Upon further investigation another service (clips2) was discovered to use a similar vulnerable pattern . Internal teams have audited the whole fleet and determined no true positive instances of the vulnerability being abused or exploited.
Remediation
VHS, VCD, DVD: All the vulnerable endpoint perform a correct validation on the filename parameters and also require authentication on all the resources. Clips2: The vulnerable endpoints were patched to perform correct validation on the filename parameters.
On Palantir-managed Gotham enrollments, the relevant services have been automatically upgraded to the fully-patched version.
Palantir Gotham - Customer hosted (without Apollo) : Upgrade services to the following versions
- VHS: 2.210.3
- VCD: 0.24.10
- Clips2: 0.111.2
Timeline
2023-05-02: Relevant product teams have been paged and root cause was identified
2023-05-03: Impacted versions have been upgraded and new version released
2023-05-02: The Vulnerability has been identified internally and an incident has been spun up
2023-05-02: Initial PR to fix the first issue
2023-05-02: The rest of the PRs to fix the vulnerabilities have been merged in production
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A*
Palantir Security Bulletin - PLTRSEC-2023-16
Vulnerabilities
Copy link
Security Bulletin
Bulletin ID: PLTRSEC-2023-16
CVE: CVE-2023-30948
Affected Products / Versions: comments, versions less than 2.249.0
Publication Date: June 06, 2023
Summary
A security defect was discovered in Foundry’s Comments functionality. A fix has been applied and rolled out to your Foundry environment. The vulnerability allowed an authenticated user to retrieve attachments tied to comments if the random UUID associated with that attachment was discovered.
Background
A security defect in Foundry’s Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it’s content.
An investigation revealed no known exploitation of this vulnerability.
Details
When adding an attachment to a comment, the Comments Service returns a UUID which is used as a locator for that attachment in our primary datastore Alta.
This UUID is appended to attachment insertions when creating new comments. It was found that no additional authorization checks were performed when negotiating retrieval of the attachment. This resulted in a situation where an authenticated party could inject a valid UUID, if it were discovered, to a comment creation request and leak the contents of the attachment associated with the injected UUID from an unrelated comment that they may otherwise be unable to see.
Due to the nature of UUIDs, successful exploitation of this vulnerability would require the user to discover a target UUID via other means, or otherwise invest considerable resources in attempting to brute force a valid UUID.
Remediation
This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Timeline
N/A
Acknowledgement
This issue was identified by an external security researcher as part of our bug bounty program.
Published at N/A
Palantir Security Bulletin - PLTRSEC-2023-17
Vulnerabilities
Copy link
PLTRSEC-2023-17****Summary
Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.
Background
A software bug in Foundry’s Lime2 service (versions 2.519.0 through 2.531.0) occurred, and resulted in the service not correctly verifying permissions when API queries were issued through Foundry’s Phonograph service under certain circumstances. The regression introduced by this software bug manifested in a way where authenticated users within a Foundry organization could potentially bypass discretionary or mandatory access controls applied to objects with discover permissions for their account.
A thorough investigation revealed no known exploitation of this bug on Palantir managed or on-premise environments.
Details
The vulnerability could potentially impact authenticated users’ front-end and back-end access. For front-end access, users with discovery (view) permissions on an object type may have been able to view the object type and observe aggregations related to the object type. For back-end access, the impacted phonograph search API endpoint may have returned a list of objects and associated properties that did not respect mandatory or discretionary controls. However, data returned via this API would respect GPS security constraints.
Successful exploitation of this bug via back-end access would require elevated permissions within Foundry, knowledge of the phonograph2 API endpoints, and specific resource identifiers, which are generally undiscoverable to non-privileged users.
For front-end access, users with discovery (view) permissions on an object type may have been able to:
- View the object type and observe aggregations related to the object type, such as the count of objects and properties.
- Access a small subset of Foundry user interface components, including Object Explorer, Workshop, and Search, possibly exposing some metadata to users.
- Direct loads or reads of object data (e.g., rows, columns) remained protected in all cases by role-based security controls and were not visible to unauthorized users. Despite these exposures, the risk of unauthorized front-end data access is considered low.
For back-end access, the impacted Phonograph2 API endpoints may have exhibited the following behaviors:
The API endpoints may have returned a list of objects and associated properties that did not respect mandatory or discretionary controls.
Data returned via impacted API endpoints would have continued to respect granular permission service (GPS) security constraints and only displayed data the requestor was authorized to view for the relevant policy. However, this could have inadvertently revealed object metadata to the requestor.
All other Phonograph2 API endpoints, such as the data load endpoints (e.g., getObject, getObjects, etc), continued to appropriately respect discretionary and mandatory access controls. Successful exploitation of this bug via back-end access would require:
Pre-existing elevated permissions within Foundry (e.g., ‘Ontology Administrator’).
Knowledge of the Phonograph2 API endpoints. Specific resource identifiers (e.g., GUIDs) which are generally undiscoverable to non-privileged users.
In certain cases, existing Slate dashboards may have relied on the discretionary permissions to limit the scope of the usage of the affected APIs for a subset of users of those dashboards. In such cases, users might have been inadvertently exposed to the list of objects and associated properties mentioned above. However, the likelihood of this occurring is believed to be low.
Remediation
The bug has been fixed as of Lime version 2.532.0, and the patch has been deployed to the affected Foundry environments. No ongoing risk of unintended data visibility is associated with this remediated vulnerability. No direct action is required from affected parties at this time.
Acknowledgement
This issue was identified internally at Palantir.
Published at N/A
Third Party Risk Assessment Platforms
General
Copy link
Many third-party organizations leverage “third-party risk assessment” platforms as part of their security due diligence efforts.
Unfortunately, the Palantir Information Security Team has increasingly observed that many of the platforms in this space are unreliable and include flawed “results” or “findings” which are irrelevant and erroneous. These platforms regularly misattribute information between unrelated organizations, employ questionable techniques resulting in data collection and completeness problems, and fundamentally do not provide valuable information about Palantir’s infrastructure or security risk.
At the date of this publication, historic substantive, true-positive findings observed in these platforms has been de minimus. Individually responding to erroneous findings across an increasing tapestry of vendors in this space is an onerous and expensive task which ultimately detracts from meaningful cybersecurity work. As such, it is the policy of the Palantir information security team not to respond to inquiries or “findings” generated by such vendors or platforms.
We believe this policy allows us to best direct our cybersecurity resources towards efforts that maximize the security for Palantir, and for our customers. This ultimately allows us to meet the highest bar for security, data protection, privacy, and compliance, to which we are committed. In furtherance of this commitment, through our Safebase portal, we have published detailed security documentation, including reliable information reflecting risk and posture management, penetration and security testing, our accreditations, security controls, and other relevant, and detailed, security and technical information in order to inform meaningful risk assessments by our customers and prospective customers.
We remain confident that these materials demonstrate how Palantir’s infrastructure and operations meet the highest security standards.
Published at N/A*
Palantir Security Bulletin - PALSEC-2023-01
Incidents
Copy link
Palantir Security Bulletin - PALSEC-2022-07
Incidents
Copy link
Palantir Security Bulletin - PALSEC-2022-05
Incidents
Copy link
Security Bulletin
A security bulletin has been publicly disclosed for our software.
PALSEC-2022-05
The delivery-metadata service in Palantir Apollo was found to permit API endpoints that did not adequately require authentication to query, potentially granting read access to metadata such as deployed software version numbers to unintended recipients. The subsequent investigation uncovered insufficient authentication controls in the team-ownership service as well, which is responsible for metadata pertaining to package installations. These vulnerabilities are resolved in apollo-deployment-state version 4.714.0, delivery-metadata version 2.565.0, and team-ownership version 0.171.0, respectively. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest version of all relevant Apollo services.
More Information
Full details of this security bulletin can be found in our GitHub repository.
Published at N/A
Palantir Security Bulletin - PALSEC-2022-04
Incidents
Copy link
Security Bulletin
A security bulletin has been publicly disclosed for our software.
PALSEC-2022-04
The Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0, which has been automatically deployed to all Apollo-managed Foundry instances. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest version of Blobster.
More Information
Full details of this security bulletin can be found in our GitHub repository.
Published at N/A
Palantir Security Bulletin - PALSEC-2022-03
Incidents
Copy link
Security Bulletin
A security bulletin has been publicly disclosed for our software.
PALSEC-2022-03
The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. Magritte sources which leverage this plugin using HTTP Basic Authentication should change their OSISoft PI System account credentials.
More Information
Full details of this security bulletin can be found in our GitHub repository.
Published at N/A*
Palantir response to OpenSSL CVE-2022-3786 and CVE-2022-3602
Incidents
Copy link
Security Response******CVE-2022-3786 and CVE-2022-3602:******Background
On October 25th, the OpenSSL maintainers published an announcement to the community of a forthcoming release of version 3.0.7 which contained a patch for a CRITICAL vulnerability set to be released on November 1. Upon receiving the notification, the Palantir CIRT (Computer Incident Response Team) opened an investigation to determine the overall exposure to Palantir platforms and infrastructure. Subsequent notices from the OpenSSL maintainers indicated that only the 3.0.x branch contained the CRITICAL fix and so, in conjunction with our product development teams, we began to investigate and understand the usage of OpenSSL 3.0.x across our organization. By Friday October 28th we concluded our assessment and stood by for the November 1 release.
Yesterday, OpenSSL 3.0.7 was released which resolved two HIGH CVEs: CVE-2022-3786 and CVE-2022-3602. After the initial announcement on October 25th, the OpenSSL maintainers conducted further analysis of the issues and determined they were not as exploitable as initially thought. Regardless, the Palantir InfoSec Team treats all software issues of this nature with the utmost importance, regardless of the surrounding circumstances.
Palantir is not affected
Palantir is not affected by the OpenSSL vulnerabilities in CVE-2022-3786 and CVE-2022-3602:
After a comprehensive search for usage of the offending libraries we have no reliance on and have found no evidence of OpenSSL 3.0.x in our hosted infrastructure and products. There is no action required for any of our customers.
Published at N/A*
Related news
MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized.
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.
Categories: Threat Intelligence Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang. (Read more...) The post Ransomware review: July 2023 appeared first on Malwarebytes Labs.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
The information leak threats are certainly new, but the education and messaging from security evangelists (and even just anyone trying to educate an older or less security-savvy family member) doesn’t change.
YouTube released a statement that “we will stop removing content that advances false claims that widespread fraud, errors, or glitches occurred in the 2020 and other past US Presidential elections.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection
Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.
A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content. This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to
JFrog argues vulnerability risk metrics need complete revamp
Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.
Welcome to this week’s edition of the Threat Source newsletter. I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase
By Deeba Ahmed The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
By Deeba Ahmed The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Summary Summary Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update Guides (CVE-2022-3786 Security Update Guide and CVE-2022-3602 Security Update Guide).
Summary Summary Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update Guides (CVE-2022-3786 Security Update Guide and CVE-2022-3602 Security Update Guide).
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or
In late October two new buffer overflow vulnerabilities, CVE-2022-3602 and CVE-2022-3786, were announced in OpenSSL versions 3.0.0 to 3.0.6. These vulnerabilities can be exploited by sending an X.509 certificate with a specially crafted email address, potentially causing a buffer overflow resulting in a crash or
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow * CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow * CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
Ubuntu Security Notice 5710-1 - It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext.
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to ...