Palantir is a software company that builds the world's leading software for data-driven operations and decision-making. For more than a decade, we’ve worked with customers in the most secure and highly-regulated industries and built software for their most sensitive data. Today, security remains the cornerstone of our product development, company culture, and internal operations.
Palantir cares deeply about the security outcomes of our customers, and we’re committed to transparency about our security practices and program. We stand resolute in continuously improving our security, data protection, and privacy controls to give you the most effective means of protecting your data possible.
Security Bulletin
Bulletin ID: PLTRSEC-2024-43
CVE: CVE-2024-49587
Affected Products / Versions: N/A
Publication Date: January 28, 2025
Summary
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks. This could have allowed users who did not have any permission to reach the Glutton backend directly and read, update, or delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham instances.
Background
Glutton is an essential part of a typical pipeline to integrate external data sources into Palantir Gotham (PG). The primary Glutton use case is to dynamically update data from an external data source as the data source changes over time.
Details
A software bug in Palantir’s Glutton Service (V1) resulted in multiple endpoints being exposed without any authentication or authorization. The bug stemmed from a complex edge case during an infrastructure migration that caused some code checks to pass even though the client did not present a valid certificate to authenticate against the service.
Palantir's information security team conducted a thorough review of the audit logs associated with each and every impacted endpoint of the vulnerable service, and no evidence of abuse or exploitation was found. Additionally, on production environments the infrastructure WAF (Web Application Firewall) would block any client request that did not contain a valid Authorization header.
Remediation
This defect was resolved and rolled out to all affected Gotham instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Security Bulletin
Bulletin ID: PLTRSEC-2024-48
CVE: CVE-2024-49589
Affected Products / Versions: artifacts, versions less than 0.1337.0
Publication Date: January 28, 2025
Summary
Foundry Artifacts service was found to be vulnerable to a Denial of Service attack in which the disk was filled based on a user-supplied argument (size). This required the attacker to be logged in to the stack, since the endpoints enforced authentication checks but not authorization.
Background
Foundry Artifacts is built around the concept of repositories, of which there are two main types: local and remote.
Details
During an internal code review, it was discovered that multiple endpoints on Foundry Artifacts were vulnerable to a denial of service that required minimal user interaction. The Foundry Artifacts backend accepted an arbitrary value from user input and wrote random data to disk using the user-provided size; this led to a denial of service by filling up the disk.
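The mitigation pattern for this class of bug is to validate a caller-supplied size before any disk write: reject non-integers, enforce a per-request cap, and refuse requests that would push free disk space below a reserved headroom. The following is an added illustration written for this bulletin, not Foundry Artifacts code; the cap and headroom constants, the `check_requested_size` and `write_padding` names, and the sample sizes are all assumptions chosen for the example.

```python
import os
import shutil
import tempfile

# Assumed policy values for the example (not Palantir's real limits).
MAX_REQUEST_BYTES = 64 * 1024 * 1024      # cap on a single request's size argument
MIN_FREE_BYTES = 1024 * 1024 * 1024       # headroom that must remain on the volume
CHUNK = 1024 * 1024                       # write granularity


class SizeRejected(ValueError):
    """Raised when a requested size fails validation."""


def check_requested_size(size, free_bytes,
                         max_request=MAX_REQUEST_BYTES, min_free=MIN_FREE_BYTES):
    """Validate a caller-supplied size against type, cap and disk headroom.

    Returns the size as an int, or raises SizeRejected. free_bytes is the
    currently available space on the target volume.
    """
    # bool is a subclass of int; reject it explicitly so True/False can't sneak in.
    if isinstance(size, bool) or not isinstance(size, int) or size < 0:
        raise SizeRejected("size must be a non-negative integer")
    if size > max_request:
        raise SizeRejected(f"size {size} exceeds per-request cap {max_request}")
    if free_bytes - size < min_free:
        raise SizeRejected("request would leave the volume below reserved headroom")
    return size


def size_allowed(size, free_bytes):
    """Boolean wrapper around check_requested_size for callers that prefer no exceptions."""
    try:
        check_requested_size(size, free_bytes)
        return True
    except SizeRejected:
        return False


def write_padding(path, size, free_bytes=None):
    """Write `size` random bytes to `path` only after the size passes validation.

    Returns the number of bytes written. free_bytes may be injected for tests;
    otherwise it is read from the filesystem holding `path`.
    """
    if free_bytes is None:
        free_bytes = shutil.disk_usage(os.path.dirname(path) or ".").free
    n = check_requested_size(size, free_bytes)
    written = 0
    with open(path, "wb") as fh:
        while written < n:
            chunk = min(CHUNK, n - written)
            fh.write(os.urandom(chunk))
            written += chunk
    return written


def demo():
    """Exercise the validator with constructed inputs and one real (small) write."""
    plenty = 10 ** 12                      # constructed: 1 TB free
    tmpdir = tempfile.mkdtemp()
    target = os.path.join(tmpdir, "pad.bin")
    return {
        "small_ok": size_allowed(4096, plenty),
        "over_cap": size_allowed(MAX_REQUEST_BYTES + 1, plenty),
        "eats_headroom": size_allowed(1024, MIN_FREE_BYTES + 512),
        "negative": size_allowed(-1, plenty),
        "bool_rejected": size_allowed(True, plenty),
        "string_rejected": size_allowed("4096", plenty),
        "written": write_padding(target, 2 * CHUNK + 5, free_bytes=plenty),
    }


if __name__ == "__main__":
    print(demo())
```

The headroom check matters as much as the cap: a per-request limit alone still lets many authorized requests drain a volume, so the validator also looks at what the write would leave behind.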
Remediation
This defect was resolved with the release of Foundry Artifacts 0.1337.0.
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Security Bulletin
Bulletin ID: PLTRSEC-2024-47
CVE: CVE-2024-49581
Affected Products / Versions: N/A
Publication Date: November 14, 2024
Summary
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug. This could have allowed users who did not have permission to see such objects to view them directly via Object Explorer. The affected service has been patched and automatically deployed to all Apollo-managed Foundry instances.
Background
Object Explorer background: Object Explorer is a search and analysis tool for answering questions about anything in the Ontology.
Restricted Views background: Markings and roles provide powerful access controls, but some situations require more granular permissioning. For example, it may be insufficient or inappropriate to grant access to all objects of a certain type; some object types may need to surface different objects to different users, as when a company limits its sales representatives to viewing customers at their assigned branch. Restricted Views can provide this additional level of access control.
Details
A software bug in Palantir’s External Artifacts service (versions 105.110.1 through 105.115.0) resulted in Palantir’s Phonograph service, under certain circumstances, not correctly verifying permissions when API queries were issued. The regression introduced by this bug meant that authenticated users within a Palantir organization could potentially bypass granular policies on legacy Objects backed by Restricted Views.
It is important to note that this software bug DID NOT impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users.
Palantir's information security team conducted a thorough review of audit logs associated with each Palantir environment to gauge potential impact caused by this software bug. An impact assessment was delivered to each potentially impacted customer.
Remediation
After confirming the issue and identifying the scope of impact, all Apollo-joined Palantir deployments were automatically rolled back to the last known safe version of the External Artifacts service. Palantir deployments that are not Apollo-managed were manually reverted by Palantir's Forward Deployed Engineers.
A fixed version of External Artifacts was released (v105.116.0) shortly after, and has been rolled out to all Foundry instances. No further intervention is required.
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Security Bulletin
Bulletin ID: PLTRSEC-2024-46
CVE: CVE-2024-49588
Affected Products / Versions: sls-oracle-sidecar, versions less than 0.544.0; sls-oracle-sidecar, versions greater than or equal to 0.347.0
Publication Date: November 4, 2024
Summary
Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injection. A malicious, authenticated service user with network access to the container could have abused some of the endpoints the service provides to execute arbitrary SQL commands on the backend database, potentially compromising the confidentiality, integrity and availability of the Oracle database.
Background
The oracle-sidecar service provides database performance metrics for Oracle databases. Its endpoints are only available internally and require a special service-level secret to authenticate.
Details
In October 2024, a routine security review discovered that oracle-sidecar did not adequately sanitize parameters supplied via API requests before inserting them into SQL queries against the backend. Multiple endpoints followed this pattern. This allowed a user with knowledge of the service secret and access to the container's ports to inject into SQL queries. SQL injection can potentially lead to unauthorized data manipulation, data exfiltration, and command execution.
Remediation
All service endpoints were patched to construct SQL queries using prepared statements, eliminating the possibility of SQL injection. The vulnerabilities are remediated from version 0.544.0 onwards.
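The Details and Remediation sections above describe the general pattern (request parameters spliced into SQL text) and its fix (bind variables via prepared statements). The following is an added example illustrating that contrast; it is not oracle-sidecar code. It uses Python's `sqlite3` as an offline stand-in for an Oracle connection, a constructed `metrics` table, and the `metrics_unsafe` / `metrics_safe` function names, all of which are assumptions for the example. The `:instance` named placeholder mirrors the bind-variable style used with Oracle drivers.

```python
import sqlite3

# Constructed sample rows standing in for a database performance metrics table.
SAMPLE_ROWS = [
    ("ORCL1", "cpu_time", 12.5),
    ("ORCL1", "db_time", 40.0),
    ("ORCL2", "cpu_time", 7.25),
]


def make_db():
    """Build an in-memory table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE metrics (instance TEXT, metric TEXT, value REAL)")
    conn.executemany("INSERT INTO metrics VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def metrics_unsafe(conn, instance):
    """Constructed 'before' pattern: the request parameter becomes part of the SQL text."""
    sql = f"SELECT metric, value FROM metrics WHERE instance = '{instance}'"
    return conn.execute(sql).fetchall()


def metrics_safe(conn, instance):
    """Hardened form: a prepared statement with a bind variable.

    The driver sends the SQL and the value separately, so the value can never
    be interpreted as SQL syntax regardless of its contents.
    """
    sql = "SELECT metric, value FROM metrics WHERE instance = :instance"
    return conn.execute(sql, {"instance": instance}).fetchall()


def demo():
    """Run both variants on a normal value and on a tautology string.

    The tautology is the kind of input a regression test feeds the endpoint to
    confirm the fix: the parameterized version must treat it as a literal
    instance name that matches nothing.
    """
    conn = make_db()
    crafted = "x' OR '1'='1"
    return {
        "unsafe_normal": len(metrics_unsafe(conn, "ORCL1")),
        "unsafe_crafted": len(metrics_unsafe(conn, crafted)),
        "safe_normal": len(metrics_safe(conn, "ORCL1")),
        "safe_crafted": len(metrics_safe(conn, crafted)),
    }


if __name__ == "__main__":
    print(demo())
```

A useful code-review check after a fix like this is to grep the service for string formatting or concatenation that feeds `execute`; every query should take its variable parts through the driver's placeholder mechanism, and the regression test above should fail if anyone reintroduces the formatted form.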
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
Security Bulletin
Bulletin ID: PLTRSEC-2024-42
CVE: N/A
Affected Products / Versions: N/A
Publication Date: October 31, 2024
Summary
The Dispatch service contained an issue that, under very specific circumstances, could result in disclosing the title of a resolved object that the user is not allowed to see.
Background
Palantir Gotham consists of a backend monolith known as the Dispatch server, and additional backend support services. Dispatch contains the core logic for Gotham, and includes various APIs. Users of the Browser Application within Palantir Gotham’s Frontend can view data stored in Gotham, including historical versions of the data, via Dispatch’s APIs.
Details
After multiple objects are resolved in Gotham, history events are generated that include the titles of the resolved objects. Under specific circumstances, those titles could become visible to users who would not previously have had permission to see them.
Remediation
All versions of Dispatch that use dynamic object title generation, from 100.30191104.0 until 105.85.0, are affected except the following patched versions:
- 104.30240308.264
- 105.19.138
- 105.35.71
- 105.59.30
- 105.80.4
- 105.84.2
- 105.85.0 and beyond
Timeline
N/A
Acknowledgement
This issue was identified internally at Palantir.
If you think you may have discovered a vulnerability, please send us a note.