CVE-2024-27317
Source: redhat.com (access.redhat.com)
Published: 2024-03-12 20:42:09
Keywords: path traversal, Apache Pulsar, authenticated users, ZIP file, function workers, file validation, vulnerability, Pulsar broker

CVSS3: 8.4
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score: 8.2
Confidence: High
EPSS: 0
Percentile: 15.5%

A path traversal vulnerability was found in Apache Pulsar. Pulsar allows authenticated users to upload functions, packaged as a ZIP file, to be run by the Pulsar Function Workers. When extracting the uploaded ZIP file, Pulsar fails to properly validate the file names contained in it. This flaw allows an attacker to create or modify files outside of the intended directory, possibly influencing the system's behavior. Pulsar Broker is also vulnerable to this flaw when configured with "functionsWorkerEnabled=true".
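The missing validation described above, as an added example that is not Pulsar's own code: every ZIP entry name is checked against the extraction directory before anything is written, and names that would escape it (relative traversal or absolute paths) are rejected. The sample archive and the destination path are constructed for the demonstration.

```python
import io
import os
import zipfile


def is_safe_entry(name: str, dest_dir: str) -> bool:
    """Return True only if the ZIP entry would land inside dest_dir.

    Entry names come from the uploaded archive, i.e. from the user, so the
    check treats them as untrusted: absolute paths are refused outright and
    relative names are normalised before testing containment.
    """
    # Reject absolute paths; the drive-letter test is deliberately conservative.
    if os.path.isabs(name) or (len(name) > 1 and name[1] == ":"):
        return False
    # ZIP names should use "/", but tolerate backslashes as separators too.
    normalised = name.replace("\\", "/")
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, normalised))
    # After realpath has collapsed "." and "..", the entry is acceptable only
    # when the extraction directory is a prefix of the resolved target.
    return os.path.commonpath([dest_real, target]) == dest_real


def validate_archive(zip_bytes: bytes, dest_dir: str) -> dict:
    """Partition entry names into accepted and rejected without extracting."""
    result = {"accepted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            bucket = "accepted" if is_safe_entry(info.filename, dest_dir) else "rejected"
            result[bucket].append(info.filename)
    return result


def build_sample_archive() -> bytes:
    """Constructed sample: one benign function file and two escaping names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("function/handler.py", "def process(x):\n    return x\n")
        zf.writestr("../../outside.txt", "constructed traversal entry\n")
        zf.writestr("/tmp/absolute.txt", "constructed absolute entry\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(validate_archive(build_sample_archive(), "/srv/pulsar/functions"))
```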

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
