ATLAS-EPIC Hardcoded Credentials Vulnerability

Vulnerability

An unencrypted RSA private key and its associated client ID are committed to the auth/keys directory on the main branch of the ATLAS-EPIC repository, where they are publicly readable. Anyone holding the private key can authenticate to the FHIR endpoints the key was issued for and, through the project's Palantir Foundry data pipelines, reach sensitive health information.

Impact

Exploitation of this vulnerability gives an unauthenticated attacker access to the protected FHIR data pipelines in Palantir Foundry, with the potential to disclose sensitive health information.

Remediation

To address this vulnerability, remove the auth/keys directory from the repository and rotate the credentials: invalidate the leaked private key and client ID with the issuing FHIR authorization server and generate new ones. Deleting the directory from the main branch does not remove the key from the repository history or from existing clones, so the old credentials must be treated as compromised regardless of any history rewrite. The new private key should not be committed; keep it in a secrets store or CI secret and, if it must exist on disk, store it passphrase-protected.
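The check a responder would run before and after the cleanup is a scan for committed private-key material. The script below is an added illustration, not tooling from the ATLAS-EPIC project: it finds PEM private-key blocks in a file tree, tells passphrase-protected keys (PKCS#8 "ENCRYPTED PRIVATE KEY", or a PKCS#1 block carrying a "Proc-Type: 4,ENCRYPTED" header) from unencrypted ones, and flags lines that look like a client-id setting. The client-id pattern and the sample file layout are assumptions modelled on the advisory; the key bodies are placeholders, not real key material.

```python
"""Find committed private keys and report which ones are unencrypted.

Added example for this advisory; not the ATLAS-EPIC project's own code.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Any PEM private key: PKCS#1 ("RSA PRIVATE KEY"), PKCS#8 ("PRIVATE KEY"),
# encrypted PKCS#8 ("ENCRYPTED PRIVATE KEY"), "EC PRIVATE KEY", OpenSSH, ...
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]*PRIVATE KEY)-----"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)

# Heuristic (assumed format) for a client identifier stored as a config value.
CLIENT_ID_LINE = re.compile(
    r"^\s*[\"']?client[_-]?id[\"']?\s*[:=]\s*[\"']?([\w.-]{8,})", re.I | re.M
)


def classify_keys(text: str) -> List[Dict[str, object]]:
    """Return one record per PEM private-key block found in `text`.

    A passphrase-protected PKCS#8 key says so in its label; a protected
    PKCS#1 key carries "Proc-Type: 4,ENCRYPTED" inside the block. Anything
    else is usable as-is by whoever can read the file.
    """
    records = []
    for m in PEM_PRIVATE_KEY.finditer(text):
        label, body = m.group("label"), m.group("body")
        encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body
        records.append({"label": label, "encrypted": encrypted})
    return records


def scan_files(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Scan {path: contents}; return (path, finding) pairs needing action.

    Encrypted keys are still reported (their passphrase is often committed
    nearby) but labelled separately so triage can prioritise.
    """
    findings = []
    for path, text in files.items():
        for rec in classify_keys(text):
            kind = "encrypted-private-key" if rec["encrypted"] else "UNENCRYPTED-private-key"
            findings.append((path, f"{kind} ({rec['label']})"))
        for _ in CLIENT_ID_LINE.finditer(text):
            findings.append((path, "client-id value"))
    return findings


def read_tree(root: Path) -> Dict[str, str]:
    """Load every regular file under `root` as text, skipping .git internals."""
    return {
        str(p.relative_to(root)): p.read_text(errors="ignore")
        for p in root.rglob("*")
        if p.is_file() and ".git" not in p.parts
    }


# Constructed sample tree mirroring the layout named in the advisory.
# Key bodies are placeholders, not real keys.
SAMPLE_TREE = {
    "auth/keys/private.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEpAIBAAKCAQEAplaceholderplaceholderplaceholder\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "auth/keys/client_id.txt": "client_id = 0a1b2c3d-example-client-id\n",
    "auth/keys/backup.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "Proc-Type: 4,ENCRYPTED\n"
        "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n"
        "\n"
        "placeholderplaceholderplaceholder\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    "README.md": "# ATLAS-EPIC\n",
}

if __name__ == "__main__":
    import sys
    # Usage: python scan_keys.py [path-to-checkout]; defaults to the sample tree.
    tree = read_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TREE
    for path, finding in scan_files(tree):
        print(f"{path}: {finding}")
```

Run it against a fresh clone after the fix to confirm the working tree is clean; a clean working tree says nothing about earlier commits, which is why rotation, not deletion, closes the finding.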

Added: Oct 16, 2025, 6:27 PM
Updated: Oct 16, 2025, 8:23 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  8.1
  remediation     0.0
  relevance       0.7
  threat          3.2
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.