Palantir Tiles missing authentication on API endpoints
CVE-2023-30969

8.2HIGH

Key Information:

Vendor: Palantir
Status: Com.palantir.tiles:tiles
Vendor: CVE Published:; 26 October 2023

What is CVE-2023-30969?

The Palantir Tiles1 service exhibits a significant vulnerability due to inadequate authentication and authorization measures across its API endpoints. This flaw can allow unauthorized access to sensitive functionalities, heightening the risk of data exposure and potential misuse. Developers and system administrators must prioritize securing these endpoints to mitigate the risks associated with this vulnerability.

Affected Version(s)

com.palantir.tiles:tiles * < 4.326.0

References

https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Apr 21, 2023