Security Advisory

CVE-2022-32531

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-15 10:17:19

Last updated 2025-04-17 18:20:47

Assigner apache

State PUBLISHED

Description

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

← Browse all CVEs View on cve.org ↗