CVE-2022-48308

Name of the Vulnerable Software and Affected Versions sls-logging (affected versions not specified)

Description The issue arises from the sls-logging not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. This could allow a malicious attacker in a privileged network position to perform a man-in-the-middle attack, enabling them to intercept, read, or modify network communications to and from the affected service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.