CVE-2022-27891
CVSS V2 None
CVSS V3 None
Description
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.
Overview
- CVE ID
- CVE-2022-27891
- Assigner
- cve-coordination@palantir.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-16T16:15:12
- Last Modified Date
- 2023-02-25T03:27:51
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:palantir:gotham:*:*:*:*:*:*:*:* | 1 | OR | 3.22.10.4 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-10.md | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-27891 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27891 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:50:07 | Added to TrackCVE | |||
| 2023-04-17 07:50:10 | Weakness Enumeration | new |