CVE-2022-48307

MEDIUM

Palantir Magritte-ftp - Man-in-the-Middle via TLS Hostname Validation Failure

Title source: manual

Description

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-13.md

View Writeup ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0021

EPSS Percentile 10.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-295 CWE-297

Status published

Products (1)

palantir/magritte-ftp < 9.466.0

Published Feb 16, 2023

Tracked Since Feb 18, 2026