5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
33.1%
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not
close the connection to the bookkeeper server when TLS hostname
verification fails. This leaves the bookkeeper client vulnerable to a man
in the middle attack. The problem affects BookKeeper client prior to
versions 4.14.6 and 4.15.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | bookkeeper | < any | UNKNOWN |
ubuntu | 20.04 | noarch | bookkeeper | < any | UNKNOWN |
ubuntu | 22.04 | noarch | bookkeeper | < any | UNKNOWN |
ubuntu | 16.04 | noarch | bookkeeper | < any | UNKNOWN |