CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
15.7%
A flaw was found in Apache Pulsar. Due to missing authentication checking, unauthenticated users can connect to the /proxy-stats
endpoint. This endpoint exposes confidential information about the deployment and may allow the attacker to increase the logging level. As a result, the attacker may have information about IP addresses connected to the service. Additionally, it may lead to a denial Of service when the logging level is increased.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.