Security Bulletin

Bulletin ID: PLTRSEC-2024-40

CVE: N/A

Affected Products / Versions: N/A

Publication Date: March 13, 2024

Summary

On March 12, 2024, Palantir identified a defect in s3-proxy that caused the service to not respect customizations to Foundry’s default role based access control configurations to disallow users with the Compass Viewer role to perform download operations using specific services.

If the download operation had been removed from the Viewer role, a user with that role could bypass the restriction by generating temporary credentials with the AssumeRoleWithWebIdentity Standard Token Service (STS) API (https://<FOUNDRY_URL>/io/s3?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<TOKEN>) and using them to perform downloads against datasets which they only have Viewer permissions on.

Background

S3-proxy is a translation service that enables third-party services to use S3 API syntax to integrate with Foundry. The S3 Proxy implements a subset of the S3 API such that you can interact with Foundry datasets using clients that know how to speak to S3, such as AWS CLI, AWS SDKs, Hadoop S3 file system, etc. This makes it possible to integrate tools and connectors that can communicate with S3, especially where a native Foundry connector does not exist.

Details

S3-proxy provided two operations to gate user activity: api:datasets-read and api:datasets-write. The api:datasets-read operation was granted with the Viewer role and, by default, enabled the ability to download datasets the user had Viewer permissions on. No operation was provided to separate the permission to download the dataset from the ability to view the dataset within the service.

Remediation

If download permissions have been removed from the Viewer role and added to a custom role, you will need to add the following permission to that custom role to restore download permissions: s3-proxy:datasets-read.

To audit for instances of abuse of this issue:

Open your audit log dataset. Filter rows such that name=ASSUME_ROLE_WITH_WEB_IDENTITY and enumerate the token IDs in the tokenGeneration.generatedTokens[].id.other.value field. Filter rows such that token_id contains one of the identified tokens. The event GET_BATCH_DATASET_VIEW_FILE_2 would indicate that a dataset was downloaded; note that this is not necessarily the only operation that could download a dataset. Review all other event names for evidence of dataset access.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2024-37

CVE: CVE-2023-30971

Affected Products / Versions: N/A

Publication Date: March 12, 2024

Summary

Multiple endpoints in Gaia(Gotham) were found to be unauthenticated due to a Framework migration misconfiguration. A malicious user with knowledge of specific resource IDs could have interacted with the endpoints to read data without authentication checks. The resource identifiers are generated in a random way which makes bruteforcing and/or guessing them unlikely. All the endpoints that were impacted were thoroughly audited and we found no evidence of abuse.

Background

Gaia is a collaborative map application with easy-to-use drawing tools, support for real-time data integrations, and functionality for performing advanced geospatial analysis.

Details

On January 16th, 2024, it was discovered that the Gotham Gaia application had multiple endpoints that were lacking authentication. Exploitation by an attacker was not possible due to the endpoints requiring query parameters in form of resource ids that are generated in a random and secure way.

Additionally, all the endpoints and services were audited by Palantir and there was no evidence of abuse

Remediation

All the impacted endpoints were fixed by requiring strict authentication/authorization checks on Gaia.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2024-35

CVE: N/A

Affected Products / Versions: N/A

Publication Date: February 22, 2024

Summary

The magritte-smb source will fall back to unencrypted sessions if the server does not require SMB encryption in-transit.

Background

The Server Message Block (SMB) protocol was originally designed for sharing files, printers, serial ports, and other hardware resources, between a server and multiple client systems on a LAN. The protocol itself has seen two major revisions, and prior to the latest release (version 3.x), encryption of data in-transit was still an optional feature. SMB 3.0 upgraded the message encryption and signing of the protocol, as well as considering encryption of data in-transit mandatory.

Protocols like SMB 3.0 and HTTPS introduce mandatory encryption as a way to reduce data exposure in transit, often as a result of protocol downgrade attacks. A Windows administrator could easily miss the fact that while common SMB 2.x servers support encrypted clients, they may leave sensitive data exposed on the wire if the client is misconfigured, or if a man-in-the-middle can intercept connections to perform a downgrade attack.

Details

The magritte-smb source prior to version 0.42.0 did not configure its SMB client to require encryption. As a result, if magritte-smb connected to a legacy SMB 2.x server (such as those with Windows Vista and Windows Server 2008), it is possible the connection could have transmitted data in cleartext.

Remediation

Magritte agents that pull data from SMB servers have been upgraded to magritte-smb source version 0.42.0 (or newer).

All forward-deployed Palantir resources have been notified to identify and address any SMB connections which do not require encryption where they have the ability to do so. Additionally, Palantir has forced all cloud-hosted (e.g., Palantir Cloud) data connections to require encryption, where such configuration is technically possible.

Palantir strongly recommends that customers run the most recent versions of relevant SMB software, as older versions have known vulnerabilities and are attractive targets for attackers.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2024-36

CVE: CVE-2023-30968

Affected Products / Versions: N/A

Publication Date: February 22, 2024

Summary

A specific service in Gaia(Gotham) was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an authenticated attacker in a Gotham stack to exploit other users using a one-click persistent XSS. This XSS also bypassed the content security policy of Palantir Gotham.

Background

Gaia is a collaborative map application with easy-to-use drawing tools, support for real-time data integrations, and functionality for performing advanced geospatial analysis.

Details

On February 13, 2024, it was discovered that one of Gaia's services was vulnerable to a stored XSS vulnerability, the service allowed end users to upload various media types to the backend. The XSS could be exploited by uploading a malicious html file and sharing the full URL of the uploaded file with the target user.
Although Palantir applies a strict CSP(Content Security Policy), it was possible to bypass CSP in this case because the service allowed the end user to chose the mime type that will be used when rendering the target uploaded file/image. As such a malicious user could upload a malicious javascript file and instruct the backend to return it with the correct mime type(e.g : application/javascript) so that this js file can be included in another html file to build a full exploit chain , thus bypassing CSP.

Remediation

The endpoint logic was changed so that it only renders valid image types inline by using a strict whitelist of valid image types and any other (non image) mime type will be downloaded as a binary file (application/octet-stream).

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-37

CVE: CVE-2023-30970

Affected Products / Versions: blackbird-witchcraft, versions less than 104.30230908.21; blackbird-witchcraft, versions less than 103.30230304.433; blackbird-witchcraft, versions less than 104.30231001.8; blackbird-witchcraft, versions less than 104.30231002.10; blackbird-witchcraft, versions less than 104.30230604.81; blackbird-witchcraft, versions less than 104.30231003.9; blackbird-witchcraft, versions less than 104.30230807.59

Publication Date: December 8, 2023

Summary

Gotham Table service and forward app were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. The affected service have been patched and automatically deployed to all Apollo-managed Gotham instances.

Background

Gotham Table or (Blackbird Witchcraft) is dependent on static-assets-servlet and Forward app is dependent on dropwizard-configurable-assets-bundle-fork-core, both these libraries provide an AssetServlet that is used to fetch static assets and return them to the frontend.

Details

During an internal code review, it was discovered that both these libraries were impacted by a path traversal issue where a malicious attacker could trick the asset servlet into returning a sensitive file from the filesystem by sending a path traversal payload (dot dot slash).

Remediation

The vulnerable servlet has been fixed by performing a path normalization and a strict whitelisting.

On Palantir-managed Gotham enrollments, the relevant services have been automatically upgraded to the fully-patched version.

Palantir Gotham - Customer hosted (without Apollo) : Upgrade services to the following versions

• blackbird-witchcraft :

  • 10.1 → 104.30231001.8
  • 10.2 → 104.30231002.10
  • 10.3 → 104.30231003.9
  • 9.8 → 104.30230908.21
  • 8.7 → 104.30230807.59
  • 6.4 → 104.30230604.81
  • 3.4 or earlier → 103.30230304.433

• static-assets-servlet

  • Upgrade to 1.1.0

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-35

CVE: CVE-2023-30969

Affected Products / Versions: tiles, versions less than 4.326.0

Publication Date: October 24, 2023

Summary

The Palantir Tiles service (Tiles1) was found to be missing authentication and authorization on all the API endpoints. This vulnerability is resolved in Palantir Tiles 4.326.0, which has been automatically deployed to all Apollo-managed Gotham instances.

Background

Palantir Tiles is a standalone GIS tile server running on Acme. It is currently in use by Gaia, Base App, and PG. Palantir Tiles is deployed using Skylab and compatible with SLSv2. It also offers several APIs for GIS-related operations, such as computing path cost, locating elevation peaks, etc.

Details

Tiles1 served as the precursor to Tiles2, but has since reached its end-of-life and has been superseded by Tiles2. However, it is worth noting that Tiles1 is still being utilized in certain scenarios.

From its inception, Tiles1 did not incorporate authentication and authorization checks. Instead, it relied on the presence of strict network controls. This approach created a potential vulnerability that could allow an unauthorized user with the right network access to perform actions such as listing, reading, exporting, renaming, and deleting tiles.

To address this issue, authentication checks have been implemented in all API endpoints since version 4.326.0. It is important to note that, for on-premise environments, strict networking controls can serve as a mitigating factor.

Remediation

Tiles API now requires authentication on all of it's endpoints.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-36

CVE: CVE-2023-30967

Affected Products / Versions: orbital-simulator, versions less than 0.692.0

Publication Date: October 24, 2023

Summary

Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. The affected service have been patched and automatically deployed to all Apollo-managed Gotham instances.

Background

Orbital simulator hosts backend services and libraries for the MetaConstellation ecosystem. Orbital Simulator allows users to simulate the movement of celestial bodies in the solar system. Users can select celestial bodies to add to the simulation, and configure their properties such as mass and position.

Details

On October 5th, 2023, a specific endpoint in orbital-simulator service was found to be vulnerable to an unauthenticated path traversal issue due to missing validation on user input which could have allowed a malicious user to read sensitive files from the disk. Internal teams have audited the whole fleet and determined no true positive instances of the vulnerability being abused or exploited.

Remediation

The vulnerable endpoint has been removed completely.

On Palantir-managed Gotham enrollments, the relevant services have been automatically upgraded to the fully-patched version.

Palantir Gotham - Customer hosted (without Apollo) : Upgrade services to the following versions

• Orbital Simulator: 0.692.0

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-32

CVE: N/A

Affected Products / Versions: N/A

Publication Date: September 12, 2023

Summary

The Foundry Magritte plugin magritte-kafka-source was found to be writing unencrypted files to the agent's disk which could allow under specific circumstances for a user with the ability to deploy a source on the agent to read those files . This vulnerability is resolved in magritte-kafka-source version 0.82.0.

Background

Magritte is the Palantir Foundry data ingestion framework. Magritte agents run Java plugins that implement both standard and custom transfer protocols according to customer needs, including magritte-kafka-source for integrating with customer kafka Systems. Magritte plugins must be cryptographically signed by Palantir, to ensure authenticity and customer control over the Foundry data ingestion capability. Magritte-kafka-source is a deprecated plugin and it is different from the managed kafka source.

Details

On August 11, 2023, it was discovered that the Magritte plugin magritte-kafka-source was writing files to the agent's disk without any encryption, the fix was deployed immediately to use an internal wrapper class that performs proper encryption when writing files to disk and all agents that were impacted were upgraded to the last version of the plugin .

Our Investigation concluded with no indications of abuse or malicious activity observed across the entirety of our hosted platform.

Remediation

The magritte-kafka-source plugin must be manually upgraded if installed in a Foundry instance.

Fixed Version: magritte-kafka-source 0.82.0

Impact: Magritte agents with vulnerable versions of this plugin may write unencrypted files to the agent's disk.

Remediation: All impacted agents have been upgraded to the latest version of the plugin.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-31

CVE: CVE-2023-30957

Affected Products / Versions: artifacts, versions less than 0.837.0

Publication Date: September 12, 2023

Summary

Foundry's Artifacts API was discovered to suffer from a Directory Traversal vulnerability. This vulnerability allowed users of Artifacts API to escape the repository to which their operations should have been constrained and begin to arbitrarily browse other locations in a mirrored copy of Palantir's Artifactory instance.

Background

Artifacts API enables proxying of remote repositories (such as Artifactory) to Foundry. This functionality is required to support workflows in Code Repositories.

Details

Artifacts API is used by other Foundry Services in order to reach Palantir hosted Artifactory instances. The API did not correctly normalize user-controlled paths before handing them off to the Artifactory mirror for resolution, which enabled users to escape the repository they should have been constrained to. This enabled users to arbitrarily browse artifacts that were available to the Foundry stack. No customer data was affected.

Remediation

This defect was resolved with the release of Foundry Artifacts 0.837.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-33

CVE: CVE-2023-30959

Affected Products / Versions: autopilot, versions less than 3.308.0

Publication Date: September 12, 2023

Summary

Apollo change requests comments was found to be vulnerable to a stored cross site scripting via javascript URI in markdown link.

Background

Palantir Apollo is an extensible, scalable platform for managing and deploying software that encodes operational best practices that have been refined during Palantir's history of running mission-critical software platforms. Apollo is used to upgrade, monitor, and manage every instance of Palantir's product in the cloud and at some of the world's most regulated and controlled environments.

Change requests are required for most changes to Environments issued as plans by the Apollo core engine. Users can comment on change requests which supports rich text editing. The comment can contain text and formatted links.

Details

Change requests comments support rich text editing and markdown formatting, it was possible for a user to create a markdown comment that renders to a link that contains a javascript URI which can cause an XSS upon clicking on it. Exploitation of this XSS was not possible since Palantir implements a strict CSP(Content-Security-Policy) in Apollo.

Remediation

Markdown functionality is disabled in Change Requests comments, it's possible to only add regular text along with valid URL links.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-30

CVE: CVE-2023-30961

Affected Products / Versions: gotham-fe-bundle, versions less than 100.30230706.22; gotham-fe-bundle, versions less than 100.30230702.24; gotham-fe-bundle, versions less than 100.30230704.15; gotham-fe-bundle, versions greater than or equal to 100.30230702.0; titanium-browser-app-bundle, version 100.30230706.20

Publication Date: August 22, 2023

Summary

Palantir Gotham frontend was found to be vulnerable to a frontend UI bug where under circumstances, could have applied an incorrect classification to a newly created property or link.

Background

Palantir Gotham is a platform that enables the world’s most important organizations to surface insights from complex data and presents them in a single view that enables users to make faster, more confident decisions.

Adding a property or a link in a Gotham document, a UI is rendered with a security picker that displays the security classification of the property. The expected behavior is that the default classification should be the same of the source document.

Details

On Monday, 31 July 2023, It was discovered that there was a UI bug in PG(Palantir Gotham) where a user that tries to add a property or link by highlighting and then dragging and dropping the text, or using a hotkey to add a property, the security picker did not carry forward the classification or access controls of the source document by default. Instead, it applied the first option in the list of “manually entered data” (MED) access controls used for general data entry or required the user to intervene and choose a custom security. In some cases, this meant a higher access control was proposed, but in others, a lower access control could have been proposed and the user must accept this value as part of property or link creation.

Remediation

On Palantir-managed Gotham enrollments, Gotham has been automatically upgraded to the fully-patched version.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-29

CVE: CVE-2023-30962

Affected Products / Versions: cerberus, versions less than 100.230704.0-27-g031dd58

Publication Date: August 22, 2023

Summary

The Gotham Cerberus service was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 , which has been automatically deployed to all Apollo-managed Foundry instances. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest version of Cerberus.

Background

In Palantir Gotham, Cerberus service is a simple web-based spreadsheet editor with live collaboration that validates input against existing data. It supports by design uploading attachments inside datasets cells.

Details

On July 11, 2023, it was discovered that Cerberus service was vulnerable to a stored XSS vulnerability, the application was performing validations against the types of mimetypes that can be rendered inline from an attachment uploaded by users, by creating a crafted SVG file containing javascript payload it was possible to bypass that validation and get the javascript evaluated inline when navigating to the file path.

Palantir applies a strict CSP(Content Security Policy) when it comes to where a page loads it resources from, which reduces the impact of any potential XSS.

Remediation

For Gotham infrastructure without Apollo, customers will need to update Cerberus to 100.230704.0-27-g031dd58or greater.

On Palantir-managed Gotham enrollments, the Cerberus service has been automatically upgraded to the fully-patched version.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-22

CVE: CVE-2023-30949

Affected Products / Versions: slate, versions less than 6.207.0

Publication Date: July 26, 2023

Summary

Foundry Slate versions prior to 6.207.0 performed incorrect origin validation on a specific message handler in the slate sandbox.

Background

Slate is an extensible WYSIWYG web app for quickly creating interactive, data-driven web pages.

Details

Slate allows users to create iframes that are sandbox, these iframes could be used to send and receive postmessages with the parent frame and update the state based on the received messages. On March 1, 2023 it was reported to us that there was an issue where slate was performing an incorrect origin validation on a specific message handler, which could result in phishing attempt by changing the sandbox page content to a fake login page. XSS and other forms of client side attacks were not possible due to the strict CSP configuration and sandbox attributes used in slate.

Remediation

The vulnerable endpoint was patched to perform same origin validation. On Palantir-managed Foundry enrollments, the relevant frontend packages have been automatically upgraded to the fully-patched version.

Timeline

N/A

Acknowledgement

This issue was reported to Palantir by Ossama Yousef.

Security Bulletin

Bulletin ID: PLTRSEC-2023-11

CVE: CVE-2023-22836

Affected Products / Versions: guardian, versions less than 2.278.0

Publication Date: June 2, 2023

Summary

In cases where a multi-tenant stack user is operating Foundry’s Guardian service, and the user changes a group name from the default value, the renamed value may be visible to the rest of the stack’s tenants.

Background

Foundry Guardian is a Foundry service for creating and managing resources in a centralized and standardized way.

Details

A pull request was merged on Feb 17th 2023 which caused Foundry's Guardian service to not respect tenant boundaries when listing group names (typically these will be the names of customers). This data is considered sensitive and should not be shared between tenants. The issue was resolved on Feb 23rd with the release of version 6.202.0.

Remediation

Upgrade the guardian service to 2.278.0 or higher

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

CVE-2023-34362

Background

On June 2nd, Progress MOVEit disclosed a vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. This vulnerability, disclosed as CVE-2023-34362, was rated as Critical (9.8 CVSSv3) and was exploited in the wild by various actors.

Palantir is not affected

Palantir is not affected by the Progress MOVEit vulnerability described in CVE-2023-34362.

Palantir has no reliance on this software in any of our environments. There is no action required for any of our customers.

Security Bulletin

Bulletin ID: PLTRSEC-2023-26

CVE: CVE-2023-30960

Affected Products / Versions: job-tracker, versions less than 4.645.0

Publication Date: June 29, 2023

Summary

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to.

Background

Foundry job-tracker is a service that provides a fast, permissioned cache of foundry builds and a build state UI.

Details

Foundry job-tracker provides several API endpoints to query metadata related to builds, and provides filters for those results such as underlying resource RIDs, time of creation and build status.

It was discovered that by replacing a RID in the filter with one the user did not have access to, they could still query build metadata for that resource if it existed. Furthermore, by removing all entries for the filter the service would return metadata for all build objects in its cache, including those that related to resources the user did not have access to.

Build metadata that was impacted includes: The RID of the build, the username and UUID of the build's author, start and finish time of the build, the RIDs of the input and output datasets, Job metadata related to the build and Build Status.

Remediation

This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-28

CVE: CVE-2023-30963

Affected Products / Versions: foundry-frontend, versions less than 6.229.0

Publication Date: June 29, 2023

Summary

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed.

Background

Foundry Slate is an extensible WYSIWYG ("what you see is what you get") web-based application used to quickly create interactive visualizations of aggregate enterprise data.

Details

When creating Queries in Slate, users have the ability to create folders to assist with organization. If a folder was created with an XSS payload as the name, it was discovered that when attempting to move a query into any folder using the dropdown menu, the XSS would be triggered. This XSS was blocked by Foundry's CSP and would therefore require a CSP bypass to become effective.

Remediation

This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-15

CVE: CVE-2023-30946

Affected Products / Versions: issues, versions less than 2.497.0

Publication Date: June 26, 2023

Summary

A security defect was identified in Foundry Issues that enabled users to retrieve Issue metadata from Foundry's notification API if they were assigned to an issue but did not have access to it.

Background

Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources.

Details

If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

Remediation

This defect was resolved with the release of issues-service 2.497.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-23

CVE: CVE-2023-30955

Affected Products / Versions: workspace, versions less than 7.7.0

Publication Date: June 26, 2023

Summary

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'.

Background

Workspace 'Developer Mode' is a feature set in Foundry that affords privileged users the ability to interact with the Foundry Platform in a technical manner. Features include the ability to preview work-in-progress changes via a commit preview function and toggling in-development client-side features in the platform.

Details

An authorization check is made to discern whether or not a user should be entitled to view settings related to Developer Mode when requested. On a failure to authorize, the user would be presented with a UI prompt explaining they were not entitled to view the feature set. It was discovered that by using an intercepting proxy to edit inbound traffic related to the UI, a user could trick the frontend into rendering the prohibited features allowing them to browse and interact with Developer mode in a limited capacity.

Remediation

This defect was resolved with the release of workspace-server 7.7.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-20

CVE: CVE-2023-30951

Affected Products / Versions: magritte-rest-source-bundle, versions less than 7.210.0

Publication Date: June 26, 2023

Summary

The magritte rest-source plugin prior to version 7.210.0 is vulnerable to an XML external Entity (XXE) attack.

Background

Foundry can integrate with external systems that expose a REST API. The REST API source may be used for workflows requiring interactive HTTP requests to external systems directly from Foundry applications via Actions. For example, you can create a Workshop application with a button that uses a webhook to calls a REST endpoint when clicked, connecting that application to existing workflows and source systems.

Details

Magritte rest-source plugin, specifically the XML extractor that performs XML response extraction from an HTTP endpoint response was found to be vulnerable to an XXE exploit which could have allowed a malicious user to exfiltrate sensitive files from inside the magritte agent.

Remediation

On Palantir-managed environments, the following services have been upgraded to patched versions which properly validate the XML document and safely parses it by disallowing external DTD. Customers which manage their own environments without Apollo should reach out to their forward deployed engineer or other Palantir POC.

Magritte-rest source if it is in use, to version >= 7.210.0 (Foundry only)

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-25

CVE: CVE-2023-22835

Affected Products / Versions: foundry-frontend, versions less than 6.228.0; issues, versions less than 2.510.0

Publication Date: June 26, 2023

Summary

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants.

Background

Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources. Issues have a state that shows at what stage in the management lifecycle they are currently in. Issues can be open or closed, but they also may be waiting for a response from the reporter for example.

Details

When an action is performed in an Issue such as making a comment or changing an Issue state, the record of the Issue is updated with the values that changed to keep a historical log of actions made. It was discovered that when making a request to change the state of any Issue a user could modify the state in an unexpected manner, and the malformed state would be persisted in the Issue record.

When Foundry Frontend attempted to render the Issue with the tainted Record, an exception would be thrown which resulted in a loss of functionality in Foundry Frontend when browsing the Issues app for all assignees of that Issue.

Remediation

This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0. The services were rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-21

CVE: CVE-2023-30950

Affected Products / Versions: campaigns, versions less than 0.623.0

Publication Date: June 26, 2023

Summary

Foundry Campaigns versions prior to 0.623.0 included an unauthenticated endpoint that would have allowed an attacker to disclose a private campaign without authentication.

Background

On June 8th, 2023 , it was discovered that an endpoint in foundry campaigns service could return details about a campaign without authentication/authorization. An attacker would need to know a target campaign ID and then query the vulnerable endpoint to return information about the campaign.

Details

The Campaigns app allows deployment teams to create (via an intuitive WYSIWYG interface) and schedule HTML email campaigns to dynamic end-user targets.

Remediation

The vulnerable endpoint was patched to require full authorization and authentication on the target resource. On Palantir-managed Foundry enrollments, the relevant services have been automatically upgraded to the fully-patched version.

Palantir Foundry - Customer hosted (without Apollo): Upgrade service to the following versions

Foundry Campaigns: 0.623.0

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-24

CVE: CVE-2023-30956

Affected Products / Versions: comments, versions less than 2.267.0

Publication Date: June 26, 2023

Summary

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment.

Background

Foundry Comments is a service that allows users to converse and collaborate within the context of a resource in the Foundry Platform.

Details

When uploading an attachment to a comment, the attachment is stored in Foundry's primary datastore and a UUID representing it's location is returned to the service.

When requesting to delete a comment with an attachment the UUID of the attachment is submitted as a part of the request to enable Foundry to display it as part of a confirmation prompt. It was discovered that a user could replace the UUID of the attachment they were attempting to delete in the original request with the UUID of an attachment they were targeting to discover it's contents.

This would require the user to find the UUID of the targeted attachment, which is not trivial due to the nature of UUIDs.

Remediation

This defect was resolved with the release of Foundry Comments 2.267.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-12

CVE: CVE-2023-30954

Affected Products / Versions: video-application-server, versions less than 2.206.1

Publication Date: June 9, 2023

Summary

Palantir Gotham's video-application-server service contained a race condition which could result in classification markings not being applied to new videos.

Background

The video-application-server service is responsible for surfacing available videos and integrating them with the Gotham platform.

Details

If the Gotham video-application-server service's source system had not yet initialized, it would assign new video feeds to a default collection with no classification markings. This could have caused videos to become viewable by users who would otherwise not have access.

Remediation

Upgrade video-application-server to 2.206.1 or higher

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-09

CVE: CVE-2023-22834

Affected Products / Versions: contour-dispatch, versions less than 9.642.0

Publication Date: June 9, 2023

Summary

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow them to clutter up Compass folders with extraneous analyses they would otherwise not have permission to create.

Background

Contour is a point-and-click data exploration, analysis and transformation tool. Contour enables users to work with their data in a visual and iterative fashion making and tweaking decisions based on what they see.

Details

On Jan 5th 2023, a pull request was merged that removed an authorization check from contour. Following this, users would be able to create Contour analysis even if they wouldn't otherwise have permission. Users would still need authorization to access the underlying datasets for any analysis they created. The only known security impact is that users may have been able to clutter up folders by creating contour analyses in places they wouldn't have otherwise have permission to do so. This change was discovered and remediated on April 14th.

Remediation

Upgrade Contour to 9.642.0 or higher

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-19

CVE: CVE-2023-30952

Affected Products / Versions: N/A

Publication Date: June 9, 2023

Summary

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. A fix was applied with Foundry Frontend 6.228.0 and rolled out to all affected Foundry instances.

Background

Foundry Issues enables users of Foundry to surface, find, and resolve problems that they encounter within Foundry by filing issues on certain types of resources. When creating an Issue in Foundry the request that is sent contains a 'reporterPath' parameter, the contents of which are used to create a URI that links to the location where the issue was raised. The contents of this are ultimately user controlled and can be changed to create realistic phishing links.

Details

No URI validation was performed on parameters submitted as part of the Issue creation request. Typically the submitted 'reporterPath' parameter is prefixed by the URI of the Foundry Deployment that the issue is raised on. By editing the 'reporterPath' parameter to include syntax related to HTTP basic auth, it was possible to generate a link that navigates to domains outside of Foundry that would still be prefixed by the Foundry Deployment URI, creating a phishing link that looks realistic.

Remediation

URIs are now checked on Issue submission to ensure they are correctly formatted, otherwise they are discarded. A fix has been applied to affected Foundry instances. No further intervention is required.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-13

CVE: CVE-2023-30953

Affected Products / Versions: N/A

Publication Date: June 9, 2023

Summary

Users with edit access to Foundry magritte sources could cause configured secrets for that source to be logged

Background

Magritte is the primary service used to ingest data from external systems into Foundry.

Details

By configuring a magritte source with malformed YAML, a user with edit access could cause the service to produce error messages that would include configured secrets for the source. The secrets would then be accessible to anyone with access to logs from the relevant foundry deployment.

Remediation

Upgrade the following services:

• magritte-coordinator to 9.1100.0
• magritte-bootstrapper-bundle to 9.926.0
• magritte-transforms-extract-runner-bundle to 9.926.0

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-08

CVE: CVE-2023-22837

Affected Products / Versions: delegated-media, version 1.0.0

Publication Date: June 9, 2023

Summary

The Delegated-Media Service does not validate that users have permission to access a media resource. If an authenticated user guesses or is given an s3 URL which the delegated-media host has access to, they will be able to access it via delegated-media even if they otherwise would not have permission.

Background

Delegated Media is a service used as part of Palantir Gotham to access external media, such as media stored in s3 buckets.

Details

The Delegated-Media Service was initially intended to be deployed with an additional authentication layer which would perform authorization checks. As the service is currently deployed, it could be used to bypass authorization checks for media by passing it a URL for an external media object that the Delegated-Media Service has access to. Delegated-media 1.0.0 adds an authorization check, resolving the issue.

Remediation

Upgrade to delegated-media 1.0.0

Timeline

2023-03-22: SDI filed for delegated-media backed by S3

2021-07-09: Gotham introduces S3-bucket support delegated media

2023-03-17: Authorization feature touchdown in delegated media

2023-01-17: Gotham/AppSec planning to improve delegated-media S3 access controls

2019-10-18: Initial approval for tests on staging stacks

2022-08-08: AppSec follow-up on delegated-media

2023-03-27: delegated-media 1.0.0 is released

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-18

CVE: CVE-2023-30945

Affected Products / Versions: clips2, versions less than 0.111.2; video-clip-distributor, versions less than 0.24.10; video-history-server, versions less than 2.210.3

Publication Date: June 9, 2023

Summary

Multiple Services in video application server were vulnerable to an unauthenticated path traversal attack that resulted in an arbitrary file read/write/delete. The affected services have been patched and automatically deployed to all Apollo-managed Foundry instances.

Background

Video Application Server is a repository that hosts multiple services such as VHS (Video History Service), VCD(Video Clip Distributor) and DVD (Dummy video Distributor). ..

video-application-server (VAS): Central video service that is responsible for surfacing available videos and integrating with the Gotham platform.

video-history-server (VHS): Service that is responsible for maintaining video archives and serving archived video.

dummy-video-distributor (DVD): Service that plays files on disk as live streams via ffmpeg or multicast.

Clips2 : Clips2 is built around a headless Chrome Browser and FFMPEG to support video clip exports

Details

On May 2nd, 2023 all of the services in VAS were found to be vulnerable to multiple unauthenticated path traversal issues due to missing validation on filenames which could have allowed a malicious user to read sensitive files on any of the impacted services filesystem or create/delete files as well.

Upon further investigation another service (clips2) was discovered to use a similar vulnerable pattern . Internal teams have audited the whole fleet and determined no true positive instances of the vulnerability being abused or exploited.

Remediation

VHS, VCD, DVD: All the vulnerable endpoint perform a correct validation on the filename parameters and also require authentication on all the resources. Clips2: The vulnerable endpoints were patched to perform correct validation on the filename parameters.

On Palantir-managed Gotham enrollments, the relevant services have been automatically upgraded to the fully-patched version.

Palantir Gotham - Customer hosted (without Apollo) : Upgrade services to the following versions

• VHS: 2.210.3
• VCD: 0.24.10
• Clips2: 0.111.2

Timeline

2023-05-02: Relevant product teams have been paged and root cause was identified

2023-05-03: Impacted versions have been upgraded and new version released

2023-05-02: The Vulnerability has been identified internally and an incident has been spun up

2023-05-02: Initial PR to fix the first issue

2023-05-02: The rest of the PRs to fix the vulnerabilities have been merged in production

Acknowledgement

This issue was identified internally at Palantir.

Security Bulletin

Bulletin ID: PLTRSEC-2023-16

CVE: CVE-2023-30948

Affected Products / Versions: comments, versions less than 2.249.0

Publication Date: June 06, 2023

Summary

A security defect was discovered in Foundry's Comments functionality. A fix has been applied and rolled out to your Foundry environment. The vulnerability allowed an authenticated user to retrieve attachments tied to comments if the random UUID associated with that attachment was discovered.

Background

A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization checks. This could enable an authenticated user to inject a prior discovered attachment UUID into other arbitrary comments to discover it's content.

An investigation revealed no known exploitation of this vulnerability.

Details

When adding an attachment to a comment, the Comments Service returns a UUID which is used as a locator for that attachment in our primary datastore Alta.

This UUID is appended to attachment insertions when creating new comments. It was found that no additional authorization checks were performed when negotiating retrieval of the attachment. This resulted in a situation where an authenticated party could inject a valid UUID, if it were discovered, to a comment creation request and leak the contents of the attachment associated with the injected UUID from an unrelated comment that they may otherwise be unable to see.

Due to the nature of UUIDs, successful exploitation of this vulnerability would require the user to discover a target UUID via other means, or otherwise invest considerable resources in attempting to brute force a valid UUID.

Remediation

This defect was fixed in Foundry Comments 2.249.0, and a patch was rolled out to affected Foundry environments. No further intervention is required at this time.

Timeline

N/A

Acknowledgement

This issue was identified by an external security researcher as part of our bug bounty program.

Security Bulletin

Bulletin ID: PLTRSEC-2023-17

CVE: CVE-2023-22833

Affected Products / Versions: lime2, versions 2.519.0 to 2.532.0 (exclusive)

Publication Date: June 2, 2023

Summary

Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one of the services backing the Ontology. The software bug has been fixed and the fix has been deployed to your hosted Foundry environment. The vulnerability allowed authenticated users within a Foundry organization to potentially bypass discretionary or mandatory access controls under certain circumstances.

Background

A software bug in Foundry’s Lime2 service (versions 2.519.0 through 2.531.0) occurred, and resulted in the service not correctly verifying permissions when API queries were issued through Foundry’s Phonograph service under certain circumstances. The regression introduced by this software bug manifested in a way where authenticated users within a Foundry organization could potentially bypass discretionary or mandatory access controls applied to objects with discover permissions for their account.

A thorough investigation revealed no known exploitation of this bug on Palantir managed or on-premise environments.

Details

The vulnerability could potentially impact authenticated users' front-end and back-end access. For front-end access, users with discovery (view) permissions on an object type may have been able to view the object type and observe aggregations related to the object type. For back-end access, the impacted phonograph search API endpoint may have returned a list of objects and associated properties that did not respect mandatory or discretionary controls. However, data returned via this API would respect GPS security constraints.

Successful exploitation of this bug via back-end access would require elevated permissions within Foundry, knowledge of the phonograph2 API endpoints, and specific resource identifiers, which are generally undiscoverable to non-privileged users.

For front-end access, users with discovery (view) permissions on an object type may have been able to:

1. View the object type and observe aggregations related to the object type, such as the count of objects and properties.
2. Access a small subset of Foundry user interface components, including Object Explorer, Workshop, and Search, possibly exposing some metadata to users.
3. Direct loads or reads of object data (e.g., rows, columns) remained protected in all cases by role-based security controls and were not visible to unauthorized users.

Despite these exposures, the risk of unauthorized front-end data access is considered low.

For back-end access, the impacted Phonograph2 API endpoints may have exhibited the following behaviors:

1. The API endpoints may have returned a list of objects and associated properties that did not respect mandatory or discretionary controls.

2. Data returned via impacted API endpoints would have continued to respect granular permission service (GPS) security constraints and only displayed data the requestor was authorized to view for the relevant policy. However, this could have inadvertently revealed object metadata to the requestor.

3. All other Phonograph2 API endpoints, such as the data load endpoints (e.g., getObject, getObjects, etc), continued to appropriately respect discretionary and mandatory access controls. Successful exploitation of this bug via back-end access would require:

4. Pre-existing elevated permissions within Foundry (e.g., 'Ontology Administrator').

5. Knowledge of the Phonograph2 API endpoints. Specific resource identifiers (e.g., GUIDs) which are generally undiscoverable to non-privileged users.

6. In certain cases, existing Slate dashboards may have relied on the discretionary permissions to limit the scope of the usage of the affected APIs for a subset of users of those dashboards. In such cases, users might have been inadvertently exposed to the list of objects and associated properties mentioned above. However, the likelihood of this occurring is believed to be low.

Remediation

The bug has been fixed as of Lime version 2.532.0, and the patch has been deployed to the affected Foundry environments. No ongoing risk of unintended data visibility is associated with this remediated vulnerability. No direct action is required from affected parties at this time.

Timeline

N/A

Acknowledgement

This issue was identified internally at Palantir.

Many third-party organizations leverage "third-party risk assessment" platforms as part of their security due diligence efforts.

Unfortunately, the Palantir Information Security Team has increasingly observed that many of the platforms in this space are unreliable and include flawed "results" or "findings" which are irrelevant and erroneous. These platforms regularly misattribute information between unrelated organizations, employ questionable techniques resulting in data collection and completeness problems, and fundamentally do not provide valuable information about Palantir's infrastructure or security risk.

At the date of this publication, historic substantive, true-positive findings observed in these platforms has been de minimus. Individually responding to erroneous findings across an increasing tapestry of vendors in this space is an onerous and expensive task which ultimately detracts from meaningful cybersecurity work. As such, it is the policy of the Palantir information security team not to respond to inquiries or "findings" generated by such vendors or platforms.

We believe this policy allows us to best direct our cybersecurity resources towards efforts that maximize the security for Palantir, and for our customers. This ultimately allows us to meet the highest bar for security, data protection, privacy, and compliance, to which we are committed. In furtherance of this commitment, through our Safebase portal, we have published detailed security documentation, including reliable information reflecting risk and posture management, penetration and security testing, our accreditations, security controls, and other relevant, and detailed, security and technical information in order to inform meaningful risk assessments by our customers and prospective customers.

We remain confident that these materials demonstrate how Palantir's infrastructure and operations meet the highest security standards.

Security Bulletin

A security bulletin has been publicly disclosed for our software.

PALSEC-2023-01

An information disclosure issue was discovered in db-controller that leaked database credentials when installed in a Kubernetes-based service orchestration environment.

More Information

Full details of this security bulletin can be found in our GitHub repository.

Security Bulletin

A security bulletin has been publicly disclosed for our software.

PALSEC-2022-07

An information disclosure issue was discovered in Rubixbeat, a logging component of Palantir Apollo, when receiving logs originating from the Foundry Code-Workbooks service.

More Information

Full details of this security bulletin can be found in our GitHub repository.

Security Bulletin

A security bulletin has been publicly disclosed for our software.

PALSEC-2022-05

The delivery-metadata service in Palantir Apollo was found to permit API endpoints that did not adequately require authentication to query, potentially granting read access to metadata such as deployed software version numbers to unintended recipients. The subsequent investigation uncovered insufficient authentication controls in the team-ownership service as well, which is responsible for metadata pertaining to package installations. These vulnerabilities are resolved in apollo-deployment-state version 4.714.0, delivery-metadata version 2.565.0, and team-ownership version 0.171.0, respectively. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest version of all relevant Apollo services.

More Information

Full details of this security bulletin can be found in our GitHub repository.

Security Bulletin

A security bulletin has been publicly disclosed for our software.

PALSEC-2022-04

The Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0, which has been automatically deployed to all Apollo-managed Foundry instances. As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest version of Blobster.

More Information

Full details of this security bulletin can be found in our GitHub repository.

Security Bulletin

A security bulletin has been publicly disclosed for our software.

PALSEC-2022-03

The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. Magritte sources which leverage this plugin using HTTP Basic Authentication should change their OSISoft PI System account credentials.

More Information

Full details of this security bulletin can be found in our GitHub repository.

Security Response

CVE-2022-3786 and CVE-2022-3602:

Background

On October 25th, the OpenSSL maintainers published an announcement to the community of a forthcoming release of version 3.0.7 which contained a patch for a CRITICAL vulnerability set to be released on November 1. Upon receiving the notification, the Palantir CIRT (Computer Incident Response Team) opened an investigation to determine the overall exposure to Palantir platforms and infrastructure. Subsequent notices from the OpenSSL maintainers indicated that only the 3.0.x branch contained the CRITICAL fix and so, in conjunction with our product development teams, we began to investigate and understand the usage of OpenSSL 3.0.x across our organization. By Friday October 28th we concluded our assessment and stood by for the November 1 release.

Yesterday, OpenSSL 3.0.7 was released which resolved two HIGH CVEs: CVE-2022-3786 and CVE-2022-3602. After the initial announcement on October 25th, the OpenSSL maintainers conducted further analysis of the issues and determined they were not as exploitable as initially thought. Regardless, the Palantir InfoSec Team treats all software issues of this nature with the utmost importance, regardless of the surrounding circumstances.

Palantir is not affected

Palantir is not affected by the OpenSSL vulnerabilities in CVE-2022-3786 and CVE-2022-3602:

After a comprehensive search for usage of the offending libraries we have no reliance on and have found no evidence of OpenSSL 3.0.x in our hosted infrastructure and products. There is no action required for any of our customers.