CVE-2022-48307

Name of the Vulnerable Software and Affected Versions Magritte-ftp (affected versions not specified)

Description A security issue was discovered in Magritte-ftp, where it fails to verify hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. This could allow a malicious attacker in a privileged network position to perform a man-in-the-middle attack, enabling them to intercept, read, or modify network communications to and from the affected service. In the case of a successful attack on Magritte-ftp, an attacker could read and modify network traffic, including authentication tokens or raw data entering a Palantir Foundry stack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.