Lucene search

CVE-2023-51437

🗓️ 07 Feb 2024 10:08:15Reported by GoogleType

osv🔗 osv.dev👁 13 Views

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider. Upgrade to versions 2.11.3, 3.0.2, or 3.1.1. Consider updating configured secret. Affected components: Pulsar Broker, Proxy, Websocket Proxy, Function Worker

Reporter	Title	Published	Views	Family All 9
OSV	Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability	7 Feb 202412:30	–	osv
NVD	CVE-2023-51437	7 Feb 202410:15	–	nvd
CVE	CVE-2023-51437	7 Feb 202410:15	–	cve
Vulnrichment	CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification	7 Feb 202409:18	–	vulnrichment
IBM Security Bulletins	Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass	29 Mar 202401:37	–	ibm
Prion	Buffer overflow	7 Feb 202410:15	–	prion
Cvelist	CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification	7 Feb 202409:18	–	cvelist
Veracode	Timing Attack	8 Feb 202405:44	–	veracode
Github Security Blog	Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability	7 Feb 202412:30	–	github

Source	Link
lists	www.lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5
openwall	www.openwall.com/lists/oss-security/2024/02/07/1

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Feb 2024 10:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS37.4

EPSS0.00092

SSVC