Lucene search

[email protected]NVD:CVE-2022-48306

HistoryFeb 16, 2023 - 4:15 p.m.

CVE-2022-48306

2023-02-1616:15:12

CWE-295

CWE-297

[email protected]

web.nvd.nist.gov

cve-2022-48306

man-in-the-middle

palantir gotham

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

Affected configurations

Nvd

Node

palantirgotham_chat_ircRange<30221005.210011.9242palantir

VendorProductVersionCPE
palantirgotham_chat_irc*cpe:2.3:o:palantir:gotham_chat_irc:*:*:*:*:*:palantir:*:*

Vendor	Product	Version	CPE
palantir	gotham_chat_irc	*	cpe:2.3:o:palantir:gotham_chat_irc::::::palantir::*

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

29.1%

JSON

Related for NVD:CVE-2022-48306

prion1 cve1 cvelist1