Jul 18, 2023 - 11:36 a.m.

Advisory ROSA-SA-2023-2196

2023-07-18 11:36:16
ROSA LAB
abf.rosalinux.ru
rosa-chrome
java client
man-in-the-middle
security update
dnf update
unix

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 33.1%

Software: bookkeeper 4.3.2
OS: ROSA-CHROME

package_evr_string: bookkeeper-4.3.2-7.src.rpm

CVE-ID: CVE-2022-32531
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: The Apache Bookkeeper Java client (before 4.14.6, and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname validation fails. This makes the Bookkeeper client vulnerable to a man-in-the-middle attack.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update bookkeeper

OS    Version  Architecture  Package     Version  Filename
ROSA  any      noarch        bookkeeper  < 4.3.2  UNKNOWN
