CVE-2022-48306
Published: 16 February 2023
Summary
CVE-2022-48306 is a medium-severity Improper Validation of Certificate with Host Mismatch (CWE-297) vulnerability in Palantir Gotham Chat Irc. Its CVSS base score is 5.7 (Medium).
Operationally, ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-51006
Vulnerability details
Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them…
more
to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.
When certificates are used to establish component provenance, the control requires correct certificate validation procedures.
Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.