Palantir Gotham UI bug that could lead to incorrect data classification
CVE-2023-30961

6.5MEDIUM

Key Information:

Vendor: Palantir
Status: Com.palantir.acme:gotham-fe-bundle; Com.palantir.acme:titanium-browser-app-bundle
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-30961?

Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.

Affected Version(s)

com.palantir.acme:gotham-fe-bundle * < 100.30230706.22

com.palantir.acme:gotham-fe-bundle 100.30230702.0

com.palantir.acme:gotham-fe-bundle * < 100.30230702.24

References

https://palantir.safebase.us/?tcuUid=2755c49f-2c30-459e-8...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Apr 21, 2023