CVSS3: 5.9 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.001 Low
EPSS Percentile: 33.1%
Software: bookkeeper 4.3.2
OS: ROSA-CHROME
package_evr_string: bookkeeper-4.3.2-7.src.rpm
CVE-ID: CVE-2022-32531
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: The Apache Bookkeeper Java client (before 4.14.6, and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the Bookkeeper client vulnerable to a man-in-the-middle attack.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update bookkeeper
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ROSA | any | noarch | bookkeeper | < 4.3.2 | UNKNOWN |