Gotham Chat IRC help does not validate hostnames in TLS certificates
CVE-2022-48306

5.7MEDIUM

Key Information:

Vendor: Palantir
Status: Palantir Gotham Chat Irc Helper
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-48306?

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

Affected Version(s)

Palantir Gotham Chat IRC helper < 30221005.210011.9242

References

https://github.com/palantir/security-bulletins/blob/main/...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Feb 2, 2023