5 matches found
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...
CVE-2024-29834
creationtimestamp| type| source ---|---|--- 2024-04-12 11:49:36+00:00| seen| https://t.me/arpsyndicate/4608...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.2.0 <=3.2.1), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.2.0 <=3.2.1) +2 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.2.0 <=3.2.1)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.1 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
CVE-2024-29834
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...