Unauthorized Access to Restricted Data in Palantir Foundry
CVE-2024-49589
6.5 MEDIUM
What is CVE-2024-49589?
A software bug in Palantir Foundry's Object Explorer component allowed users without the necessary permissions to bypass restrictions on viewing certain objects under specific conditions. The issue did not permit unauthorized data access across organizational boundaries or by unauthenticated users. Palantir has swiftly addressed this vulnerability with a patch that has been automatically deployed to all instances managed by Apollo.
Affected Version(s)
com.palantir.artifacts:artifacts * < 0.1337.0
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved