CVE-2023-30968

Summary

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.acme.gaia:gaia100.240108.11 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.240203.6 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.230807.13 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.240205.0-12-gf415217 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.231108.82 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.231009.47 < *unaffected
Palantircom.palantir.acme.gaia:gaia100.240202.9 < *unaffected

Weaknesses

  • CWE-434: The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References