Gotham Orbital Simulator path traversal
CVE-2023-30967

9.8CRITICAL

Key Information:

Vendor: Palantir
Status: Com.palantir.meta:orbital-simulator
Vendor: CVE Published:; 26 October 2023

What is CVE-2023-30967?

The Gotham Orbital-Simulator service prior to version 0.692.0 is susceptible to a path traversal vulnerability. This flaw allows unauthenticated users to access arbitrary files on the server's file system, potentially leading to data exposure and unauthorized information disclosure. Organizations using this software should update to the latest version to mitigate the risk.

Affected Version(s)

com.palantir.meta:orbital-simulator * < 0.692.0

References

https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Apr 21, 2023

Palantir

What is CVE-2023-30967?

Affected Version(s)

References

CVSS V3.1

Timeline