CVE-2022-33681

A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle MITM attack, manipulating network traffic and gaining the client's authentication data...

GHSA-C5FP-X2H5-VJV7 Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

CVE-2022-33681

CVE-2022-33681 describes a vulnerability in the Apache Pulsar Java Client and Pulsar Proxy where delayed TLS hostname verification allows a MITM to capture authentication data. Affected software (from the provided docs) includes Apache Pulsar Java Client versions: 2.7.0–2.7.4; 2.8.0–2.8.3; 2.9.0–...

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier Apache Pulsar Java Client versions 2.7.0 through 2.7.4 Apache Pulsar Java Client versions 2.8.0 through 2.8.3 Apache Pulsar Java Client versions 2.9.0 through 2.9.2 Apache Pulsar Java Clien...