cvedb.io
CVE-2022-27890
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2023-02-16T16:15:11.930 · Last modified 2026-06-17T04:37:42.213

Summary

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.

Affected products

palantir — atlasdb

Does this affect you?

Add your gear to cvedb and we'll alert you only when palantir ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.