9 matches found
CVE-2022-33682
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
com.clever-cloud:biscuit-pulsar (>=2.3.2 <=3.2.0), com.github.shoothzj:test-pulsar (>=3.1.7 <=3.1.11) +4 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-broker (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-broker MAVEN version =2.9.0, =2.3.2, =3.1.7, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
co.macrometa.c8streams.handlers:kop (>=2.7.1.5 <=2.7.1.6), com.clever-cloud:biscuit-pulsar (=3.2.1) +11 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-broker (>=1.19.0-incubating <=2.7.4)
org.apache.pulsar:pulsar-broker MAVEN version =1.19.0-incubating, =2.7.1.5, =3.1.12, =3.6, =3.6, =0.0.1, =2.0.0-rc1-incubating, =1.19.0-incubating, =2.4.0, =2.0.0-rc1-incubating, =2.1.0-incubating, =1.19.0-incubating, =1.0.0, =1.1.0 Source cves: CVE-2022-33682 Source advisory:...
org.apache.pulsar:pulsar-server-distribution (=2.10.0) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (=2.10.0)
org.apache.pulsar:pulsar-proxy MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-proxy and may be impacted: - org.apache.pulsar:pulsar-server-distribution =2.10.0 Source cves: CVE-2022-33682 Source advisory:...
org.apache.pulsar:pulsar-server-distribution (>=2.8.0 <=2.8.3) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.8.0 <=2.8.3)
org.apache.pulsar:pulsar-proxy MAVEN version =2.8.0, =2.8.0, =2.8.3 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
org.apache.pulsar:distribution (>=2.0.0-rc1-incubating <=2.0.1-incubating), org.apache.pulsar:pulsar-docker-image (>=2.0.0-rc1-incubating <=2.7.4) +1 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.0.0-rc1-incubating <=2.7.4)
org.apache.pulsar:pulsar-proxy MAVEN version =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.1.0-incubating, =2.11.4 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...
CVE-2022-33682
The CVE-2022-33682 entry describes a TLS hostname verification issue in Apache Pulsar components: Pulsar Broker, Proxy, and WebSocket Proxy (Java Clients and Admin Client) where hostname verification cannot be enabled for pulsar+ssl and HTTPS. Root cause: hostname verification disabled, enabling ...