3 matches found
c8-source-c8collection (>=0.0.2 <=0.0.10), macrometa-source-collection (>=0.0.11 <=1.0.6a2) potentially affected by CVE-2022-33684 via pulsar-client (=2.10.1)
pulsar-client PYPI version =2.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on pulsar-client and may be impacted: - c8-source-c8collection =0.0.2, =0.0.11, =1.0.6a2 Source cves: CVE-2022-33684 Source advisory: OSV:GHSA-5R3H-C3R7-9W4H...
CVE-2022-33684 Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...
CVE-2022-33684
The CVE-2022-33684 entry documents a vulnerability in the Apache Pulsar C++ and Python clients where TLS peer certificate verification is not performed during OAuth2.0 Client Credential Flow HTTPS calls, even when tlsAllowInsecureConnection is disabled. This enables MITM attackers who can control...