CVE-2022-32531

Published: Dec 15, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

The Apache BookKeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the BookKeeper server when TLS hostname verification fails. This leaves the BookKeeper client vulnerable to a man-in-the-middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Vendor: Apache Software Foundation

Product: Apache BookKeeper

Versions:
affected: 0 - <= 4.14.5
affected: 4.15.0

Weaknesses (CWE)
