6 matches found
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...
CVE-2023-37579
creationtimestamp| type| source ---|---|--- 2023-07-12 14:45:30+00:00| seen| https://t.me/cibsecurity/66527...
com.clever-cloud:biscuit-pulsar (=3.2.1), com.github.shoothzj:test-pulsar (>=3.1.12 <=3.1.15) +10 more potentially affected by CVE-2023-37579 via org.apache.pulsar:pulsar-functions-worker (>=2.0.0-rc1-incubating <=2.10.3)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.0.0-rc1-incubating, =3.1.12, =0.0.1, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.10.0, =2.0.0-rc1-incubating, =1.0.0, =1.1.0 Source cves: CVE-2023-37579...
CVE-2023-37579
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
CVE-2023-37579 Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks...
CVE-2023-37579
This CVE affects Apache Pulsar Function Worker. An incorrect authorization flaw allows any authenticated user to retrieve a source or sink configuration, potentially exposing credentials stored in those configurations. Affected products/versions: Pulsar Function Worker before 2.10.4 and before 2....