Gotham Orbital Simulator path traversal
CVE-2023-30967

9.8CRITICAL

Key Information:

Vendor

Palantir

Status
Com.palantir.meta:orbital-simulator
Vendor
CVE Published:
26 October 2023

What is CVE-2023-30967?

The Gotham Orbital-Simulator service prior to version 0.692.0 is susceptible to a path traversal vulnerability. This flaw allows unauthenticated users to access arbitrary files on the server's file system, potentially leading to data exposure and unauthorized information disclosure. Organizations using this software should update to the latest version to mitigate the risk.

Affected Version(s)

com.palantir.meta:orbital-simulator * < 0.692.0

References

https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.