An observable timing discrepancy vulnerability in the Apache Pulsar SASL Authentication Provider allows signature forgery. Upgrade to v2.11.3, 3.0.2, or 3.1.1, and update the secret referenced by saslJaasServerRoleTokenSignerSecretPath. Affected components: Pulsar Broker, Proxy, Websocket Proxy, and Function Worker.
Title | Published | Views | Family |
---|---|---|---|
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability | 7 Feb 2024 12:30 | – | osv |
CVE-2023-51437 | 7 Feb 2024 10:15 | – | osv |
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass | 29 Mar 2024 01:37 | – | ibm |
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification | 7 Feb 2024 09:18 | – | vulnrichment |
CVE-2023-51437 | 7 Feb 2024 10:15 | – | nvd |
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability | 7 Feb 2024 12:30 | – | github |
Buffer overflow | 7 Feb 2024 10:15 | – | prion |
Timing Attack | 8 Feb 2024 05:44 | – | veracode |
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification | 7 Feb 2024 09:18 | – | cvelist |
```json
[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Pulsar",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.10.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.11.2",
        "status": "affected",
        "version": "2.11.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "3.0.1",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  }
]
```