VYPR
Medium severity6.3NVD Advisory· Published Feb 16, 2023· Updated Jun 17, 2026

CVE-2022-48308

CVE-2022-48308

Description

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Palace/sls-loggingllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.