CVE-2024-49581: Access control issue impacting RV backed objects
Description
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users.
The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances.
Classification
CVE ID: CVE-2024-49581
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
Affected Products
Vendor: Palantir
Product: com.palantir.gotham:external-artifacts
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.44% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)