Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.5 views

club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), com.datastax.astra:astra-sdk (>=0.3.1 <=0.3.3) +34 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (=2.10.0)

org.apache.pulsar:pulsar-client MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-client and may be impacted: - club.callmee:spring-boot-pulsar-starter-client =2.10.0-11-1, =0.3.1, =0.3.1, =0.3.1, =1.0.5,...

5.9CVSS6.2AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.6 views

club.callmee:spring-boot-pulsar-starter-client (>=2.10.0-11-1 <=2.10.0-11-3), cn.starlight-software:sherly-pulsar (=2.0.6) +284 more potentially affected by CVE-2022-33681 via org.apache.pulsar:pulsar-client (>=1.19.0-incubating <=2.7.4)

org.apache.pulsar:pulsar-client MAVEN version =1.19.0-incubating, =2.10.0-11-1, =0.0.2, =0.0.1, =0.0.1, =2.8.2, =2.9.0, =2.8.2, =2.9.0, =v2.8.2 - com.clever-cloud.pulsar4s:pulsar4s-avro3 =2.9.0 and more Source cves: CVE-2022-33681 Source advisory: OSV:GHSA-C5FP-X2H5-VJV7...

5.9CVSS6.2AI score0.0058EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/23 9:25 a.m.18 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

6.2AI score0.0058EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/23 9:25 a.m.5 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

5.9AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2022/09/23 9:25 a.m.115 views

CVE-2022-33681

CVE-2022-33681 describes a vulnerability in the Apache Pulsar Java Client and Pulsar Proxy where delayed TLS hostname verification allows a MITM to capture authentication data. Affected software (from the provided docs) includes Apache Pulsar Java Client versions: 2.7.0–2.7.4; 2.8.0–2.8.3; 2.9.0–...

5.9CVSS6.2AI score0.0058EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/23 9:25 a.m.17 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

5.9CVSS6.3AI score0.0058EPSS
Exploits0References3
Rows per page
Query Builder