CVE-2024-49587
Unknown Unknown - Not Provided
Unauthenticated Access in Glutton V1 Service Exposes Data

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: Palantir Technologies

Description
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2024-49587
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
palantir glutton *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability involves the Glutton V1 service endpoints being exposed without any authentication on Gotham stacks. This exposure allowed unauthorized users to directly access the Glutton backend and perform actions such as reading, updating, or deleting data without any permission.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive data and unauthorized modification or deletion of data. It poses a high risk of data compromise and integrity loss, potentially affecting the confidentiality and reliability of your systems.

Mitigation Strategies

Apply the patch that has been released for the affected Glutton V1 service endpoints and ensure it is deployed to all Apollo-managed Gotham Instances to prevent unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-49587. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart