Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:36 a.m.12 views

CVE-2022-33682

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

5.9CVSS6.7AI score0.00597EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.6 views

com.clever-cloud:biscuit-pulsar (>=2.3.2 <=3.2.0), com.github.shoothzj:test-pulsar (>=3.1.7 <=3.1.11) +4 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-broker (>=2.9.0 <=2.9.2)

org.apache.pulsar:pulsar-broker MAVEN version =2.9.0, =2.3.2, =3.1.7, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...

5.9CVSS6.2AI score0.00597EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.9 views

co.macrometa.c8streams.handlers:kop (>=2.7.1.5 <=2.7.1.6), com.clever-cloud:biscuit-pulsar (=3.2.1) +11 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-broker (>=1.19.0-incubating <=2.7.4)

org.apache.pulsar:pulsar-broker MAVEN version =1.19.0-incubating, =2.7.1.5, =3.1.12, =3.6, =3.6, =0.0.1, =2.0.0-rc1-incubating, =1.19.0-incubating, =2.4.0, =2.0.0-rc1-incubating, =2.1.0-incubating, =1.19.0-incubating, =1.0.0, =1.1.0 Source cves: CVE-2022-33682 Source advisory:...

5.9CVSS6.2AI score0.00597EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.5 views

org.apache.pulsar:pulsar-server-distribution (=2.10.0) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (=2.10.0)

org.apache.pulsar:pulsar-proxy MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-proxy and may be impacted: - org.apache.pulsar:pulsar-server-distribution =2.10.0 Source cves: CVE-2022-33682 Source advisory:...

5.9CVSS6.2AI score0.00597EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.6 views

org.apache.pulsar:pulsar-server-distribution (>=2.8.0 <=2.8.3) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.8.0 <=2.8.3)

org.apache.pulsar:pulsar-proxy MAVEN version =2.8.0, =2.8.0, =2.8.3 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...

5.9CVSS6.2AI score0.00597EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/25 12:0 a.m.8 views

org.apache.pulsar:distribution (>=2.0.0-rc1-incubating <=2.0.1-incubating), org.apache.pulsar:pulsar-docker-image (>=2.0.0-rc1-incubating <=2.7.4) +1 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.0.0-rc1-incubating <=2.7.4)

org.apache.pulsar:pulsar-proxy MAVEN version =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.1.0-incubating, =2.11.4 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...

5.9CVSS6.2AI score0.00597EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/23 9:25 a.m.28 views

CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

5.9AI score0.00597EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/23 9:25 a.m.8 views

CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

6.6AI score0.00597EPSS
Exploits0References1
CVE
CVE
added 2022/09/23 9:25 a.m.73 views

CVE-2022-33682

The CVE-2022-33682 entry describes a TLS hostname verification issue in Apache Pulsar components: Pulsar Broker, Proxy, and WebSocket Proxy (Java Clients and Admin Client) where hostname verification cannot be enabled for pulsar+ssl and HTTPS. Root cause: hostname verification disabled, enabling ...

5.9CVSS5.6AI score0.00597EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder