CVE-2022-27890

Name of the Vulnerable Software and Affected Versions sls-logging (affected versions not specified)

Description The issue arises from the misuse of the javax.net.ssl.SSLSocketFactory API, which fails to verify hostnames in TLS certificates. This could allow a malicious attacker in a privileged network position to perform a man-in-the-middle attack, enabling them to intercept, read, or modify network communications to and from the affected service. In the context of AtlasDB, the vulnerability is mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.