{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-30971", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "state": "PUBLISHED", "assignerShortName": "Palantir", "dateReserved": "2023-04-21T11:42:33.501Z", "datePublished": "2025-12-19T16:34:19.437Z", "dateUpdated": "2025-12-19T18:00:30.734Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2025-12-19T16:34:19.437Z"}, "title": "Gaia unauthenticated endpoints", "affected": [{"vendor": "Palantir", "product": "com.palantir.acme.gaia:gaia", "versions": [{"versionType": "semver", "version": "100.231009.45", "lessThan": "*", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-592", "description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287.", "lang": "en", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseSeverity": "MEDIUM", "baseScore": 6.8}, "format": "CVSS"}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"}], "source": {"discovery": "INTERNAL", "defect": ["PLTRSEC-2024-37"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-19T17:24:29.023190Z", "id": "CVE-2023-30971", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T18:00:30.734Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-30971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-19T17:24:29.023190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-19T17:24:30.787Z"}}], "cna": {"title": "Gaia unauthenticated endpoints", "source": {"defect": ["PLTRSEC-2024-37"], "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place."}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}}], "affected": [{"vendor": "Palantir", "product": "com.palantir.acme.gaia:gaia", "versions": [{"status": "unaffected", "version": "100.231009.45", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"}], "descriptions": [{"lang": "en", "value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-592", "description": "This weakness has been deprecated because it covered redundant concepts already described in CWE-287."}]}], "providerMetadata": {"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "shortName": "Palantir", "dateUpdated": "2025-12-19T16:34:19.437Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30971", "state": "PUBLISHED", "dateUpdated": "2025-12-19T18:00:30.734Z", "dateReserved": "2023-04-21T11:42:33.501Z", "assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4", "datePublished": "2025-12-19T16:34:19.437Z", "assignerShortName": "Palantir"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Gotham Gaia application was found to be exposing multiple unauthenticated endpoints."}], "id": "CVE-2023-30971", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "cve-coordination@palantir.com", "type": "Secondary"}]}, "published": "2025-12-19T17:15:49.697", "references": [{"source": "cve-coordination@palantir.com", "url": "https://palantir.safebase.us/?tcuUid=4d833960-b5a8-4750-abef-9c447fcd89fb"}], "sourceIdentifier": "cve-coordination@palantir.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-592"}], "source": "cve-coordination@palantir.com", "type": "Secondary"}]}

{}

{"created": "2025-12-21T21:13:07.997152+00:00", "updated": "2025-12-21T21:13:07.997179+00:00", "vendors": ["palantir", "palantir$PRODUCT$gaia"]}