Lucene search

K
cve[email protected]CVE-2022-24280
HistorySep 23, 2022 - 10:15 a.m.

CVE-2022-24280

2022-09-2310:15:10
CWE-20
web.nvd.nist.gov
39
8
cve-2022-24280
nvd
security
vulnerability
apache pulsar proxy
tcp/ip
dos attack
authentication bypass

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.2%

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy’s IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy’s IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

Affected configurations

Vulners
NVD
Node
apachepulsarRange2.7.4
OR
apachepulsarRange2.8.2
OR
apachepulsarRange2.9.1
OR
apachepulsarRange2.6.4

CNA Affected

[
  {
    "product": "Apache Pulsar",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.7.4",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.8.2",
        "status": "affected",
        "version": "2.8",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.9.1",
        "status": "affected",
        "version": "2.9",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.6.4",
        "status": "affected",
        "version": "2.6 and earlier",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.2%