CVE-2022-48306

MEDIUM

Palantir Gotham Chat IRC helper <30221005.210011.9242 - Man-in-the-...

Title source: llm

Description

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md

View Writeup ZIP pw:eip

Scores

CVSS v3 5.7

EPSS 0.0026

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-295 CWE-297

Status published

Products (1)

palantir/gotham_chat_irc < 30221005.210011.9242

Published Feb 16, 2023

Tracked Since Feb 18, 2026