307 matches found
The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar, related to authentication flaws, allows attackers to intercept and modify data in Pulsar streams.
The vulnerability of the cloud-based messaging and streaming transmission platform Apache Pulsar is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to intercept and modify data in Pulsar streams remotely...
GHSA-7MG2-6C6V-342R Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
CVE-2024-29834
Apache Pulsar CVE-2024-29834 allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics (unload/compact) and to read/create/modify/delete namespace properties across namespaces; impact assumes default authorization provider. Affected: 2...
CVE-2024-29834
A flaw was discovered in Apache Pulsar. This issue may allow an authenticated user with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. Additionally, the authenticated user could read, create, modify, and...
Apache Pulsar 安全漏洞
Apache Pulsar is a U.S. Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as a distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication with high scalability, high...
PT-2024-2560 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.7.1 through 2.10.6 Apache Pulsar versions 2.11.0 through 2.11.4 Apache Pulsar versions 3.0.0 through 3.0.3 Apache Pulsar versions 3.1.0 through 3.1.3 Apache Pulsar versions 3.2.0 through 3.2.1 Description: The issue i...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-51437 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2023-51437 DESCRIPTION: Apache Pulsar could allow a remote attacker to bypass security restrictions, caused...
This Week in Spring - March 26th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language SpEL is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...
This Week in Spring - March 19th, 2024
Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out! As usual, we've got a packed roundup to get through this week so let's dive right into it! the Spring Authorization Server 1.3.0-...
Path Traversal
org.apache.pulsar: pulsar-functions-worker is vulnerable to Path Traversal. The vulnerability due to improper validation of uploaded jar or nar files, which allows an authenticated attacker to create or modify files outside the designated directory, resulting in Path Traversal...
Incorrect Authorization
org.apache.pulsar, pulsar-broker is vulnerable to Incorrect Authorization. The vulnerability exists due to inadequate access controls to modify topic-level policies. Only users with the tenant admin or super user role should be permitted to perform such management operations, allowing authenticat...
Improper Input Validation
org.apache.pulsar, pulsar-functions-worker is vulnerable to improper input validation. This vulnerability is due to insufficient input validation within the Worker, which fails to adequately check user-provided inputs before executing them, resulting in the execution of arbitrary Java code outsid...
Unspecified Vulnerability in Apache Pulsar (CNVD-2024-26184)
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
Unspecified Vulnerability in Apache Pulsar (CNVD-2024-26183)
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
Apache Pulsar Path Traversal Vulnerability
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...