CVE-2022-48306 MEDIUM

CVE-2022-48306: Gotham Chat IRC help does not validate hostnames in TLS certificates

Vendor Palantir

Product Palantir Gotham Chat IRC helper

Weakness CWE-297

Published February 16, 2023

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

Key dates

02Disclosure timeline

February 16, 2023 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-48306 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/297.html

Related vulnerabilities

Identifiers

CVE CVE-2022-48306

CWE CWE-297

CVSS 5.7 / MEDIUM

Affected versions