Palantir Aries Service Unauthenticated Log Access Vulnerability

Vulnerability

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management features on Apollo instances with default configurations. This flaw bypassed both authentication and authorization checks, potentially enabling any client that could reach the service over the network to access system logs and perform actions without valid credentials. The issue arose from a software defect that failed to properly validate authentication tokens, leaving endpoints exposed to unauthorized access. Palantir has patched the vulnerability and deployed the fix to all affected Apollo instances.

Impact

Exploitation of this vulnerability could have led to unauthorized access to system logs and log management functions, allowing users to view and manipulate log data without proper authentication or authorization.

Remediation

The vulnerability has been patched, and the fix has been automatically deployed to all affected Apollo instances. No further action is required.

Added: Jan 22, 2026, 9:30 PM
Updated: Jan 22, 2026, 9:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.