Lucene search
K

307 matches found

BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.5 views

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar, related to authentication flaws, allows attackers to intercept and modify data in Pulsar streams.

The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to intercept and modify data in Pulsar streams remotely...

8.5CVSS6.8AI score0.01359EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/02 9:30 p.m.1 views

GHSA-7MG2-6C6V-342R Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS5.8AI score0.01359EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/04/02 9:30 p.m.27 views

Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS6.6AI score0.01359EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2024/04/02 8:15 p.m.29 views

CVE-2024-29834

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS6.3AI score0.01359EPSS
Exploits0References3
OSV
OSV
added 2024/04/02 7:24 p.m.9 views

CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS6.8AI score0.01359EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/04/02 7:24 p.m.12 views

CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS6.5AI score0.01359EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/02 7:24 p.m.30 views

CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...

6.4CVSS6.5AI score0.01359EPSS
Exploits0References3
CVE
CVE
added 2024/04/02 7:24 p.m.69 views

CVE-2024-29834

Apache Pulsar CVE-2024-29834 allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics (unload/compact) and to read/create/modify/delete namespace properties across namespaces; impact assumes default authorization provider. Affected: 2...

6.4CVSS6.2AI score0.01359EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/04/02 6:6 p.m.29 views

CVE-2024-29834

A flaw was discovered in Apache Pulsar. This issue may allow an authenticated user with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. Additionally, the authenticated user could read, create, modify, and...

8.1CVSS6.1AI score0.01359EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.2 views

Apache Pulsar 安全漏洞

Apache Pulsar is a U.S. Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as a distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication with high scalability, high...

6.4CVSS6.7AI score0.01359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.3 views

PT-2024-2560 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.7.1 through 2.10.6 Apache Pulsar versions 2.11.0 through 2.11.4 Apache Pulsar versions 3.0.0 through 3.0.3 Apache Pulsar versions 3.1.0 through 3.1.3 Apache Pulsar versions 3.2.0 through 3.2.1 Description: The issue i...

7.5CVSS6.9AI score0.01359EPSS
Exploits0References20
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 1:37 a.m.29 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-51437 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2023-51437 DESCRIPTION: Apache Pulsar could allow a remote attacker to bypass security restrictions, caused...

7.4CVSS7.4AI score0.00763EPSS
Exploits0Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2024/03/26 12:0 a.m.20 views

This Week in Spring - March 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language SpEL is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...

7.2AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/03/19 12:0 a.m.43 views

This Week in Spring - March 19th, 2024

Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out! As usual, we've got a packed roundup to get through this week so let's dive right into it! the Spring Authorization Server 1.3.0-...

6.8AI score
Exploits0
Veracode
Veracode
added 2024/03/15 6:59 p.m.22 views

Path Traversal

org.apache.pulsar: pulsar-functions-worker is vulnerable to Path Traversal. The vulnerability due to improper validation of uploaded jar or nar files, which allows an authenticated attacker to create or modify files outside the designated directory, resulting in Path Traversal...

9.9CVSS6.6AI score0.56934EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2024/03/14 9:28 a.m.20 views

Incorrect Authorization

org.apache.pulsar, pulsar-broker is vulnerable to Incorrect Authorization. The vulnerability exists due to inadequate access controls to modify topic-level policies. Only users with the tenant admin or super user role should be permitted to perform such management operations, allowing authenticat...

6.4CVSS6.9AI score0.01701EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2024/03/14 7:6 a.m.15 views

Improper Input Validation

org.apache.pulsar, pulsar-functions-worker is vulnerable to improper input validation. This vulnerability is due to insufficient input validation within the Worker, which fails to adequately check user-provided inputs before executing them, resulting in the execution of arbitrary Java code outsid...

9.9CVSS7.5AI score0.05983EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2024/03/14 12:0 a.m.6 views

Unspecified Vulnerability in Apache Pulsar (CNVD-2024-26184)

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

6.4CVSS6.5AI score0.01701EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/14 12:0 a.m.4 views

Unspecified Vulnerability in Apache Pulsar (CNVD-2024-26183)

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

8.8CVSS6.9AI score0.01895EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/14 12:0 a.m.8 views

Apache Pulsar Path Traversal Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

9.9CVSS6.5AI score0.56934EPSS
Exploits0References1
Rows per page
Query Builder