CVE-2023-30962

Summary

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.acme.cerberus:cerberus* < 100.230704.0-27-g031dd58affected

Weaknesses

  • CWE-434: The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References