Gotham table and Forward App Path traversal
CVE-2023-30970

6.5MEDIUM

Key Information:

Vendor: Palantir
Status: com.palantir.gotham:blackbird-witchcraft
Vendor: CVE Published:; 29 January 2024

What is CVE-2023-30970?

A path traversal vulnerability was identified in both the Gotham Table service and the Forward App, which permits an authenticated user to access and read arbitrary files located on the file system. This vulnerability arises from insufficient validation of user input, allowing for the exploitation of relative paths to gain unauthorized access to sensitive information. Organizations using these services should assess their current security posture and implement necessary mitigations to prevent potential data exposure and enhance their security controls.

Affected Version(s)

com.palantir.gotham:blackbird-witchcraft * < 104.30231002.10

com.palantir.gotham:blackbird-witchcraft * < 104.30231001.8

com.palantir.gotham:blackbird-witchcraft * < 104.30230807.59

References

https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 29, 2024
Vulnerability Reserved
Apr 21, 2023

Palantir

What is CVE-2023-30970?

Affected Version(s)

References

CVSS V3.1

Timeline