CVE-2024-49581 MEDIUM

CVE-2024-49581: Access control issue impacting RV backed objects

Vendor Palantir
Product com.palantir.gotham:external-artifacts
Weakness CWE-862 · Missing authorization
Published December 2, 2024
Last update December 2, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances.

Key dates

02Disclosure timeline

December 2, 2024 CVE published
December 2, 2024 Record updated