Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-32531 Vulnerability in maven package org.apache.bookkeeper:bookkeeper-common

Description

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Remediation

References

https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9

Related Vulnerabilities

CVE-2022-41228 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common

CVE-2020-2135 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-10385 Vulnerability in maven package org.jenkins-ci.plugins:eggplant-plugin

CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service

Severity

Medium

Classification

CWE-295 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Mailing List Vendor Advisory