Pulsar@* Security Vulnerabilities and Issues — Pulsar@* CVE List

Lucene search

ApachePulsar*

7 matches found

CVE•added 2024/02/07 10:15 a.m.•76 views

CVE-2023-51437

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider upda...

7.4CVSS7.2AI score0.00124EPSS

CVE•added 2024/03/12 7:15 p.m.•61 views

CVE-2024-27317

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the ...

9.9CVSS8.2AI score0.00761EPSS

CVE•added 2024/03/12 7:15 p.m.•59 views

CVE-2024-27135

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is config...

9.9CVSS8.6AI score0.0012EPSS

CVE•added 2024/03/12 7:15 p.m.•58 views

CVE-2024-27894

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will r...

8.8CVSS8.4AI score0.00319EPSS

CVE•added 2024/03/12 7:15 p.m.•53 views

CVE-2022-34321

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections wi...

8.2CVSS8.1AI score0.00054EPSS

CVE•added 2024/03/12 7:15 p.m.•52 views

CVE-2024-28098

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache P...

6.4CVSS5.7AI score0.00173EPSS

CVE•added 2024/04/02 8:15 p.m.•48 views

CVE-2024-29834

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An ...

6.4CVSS6.2AI score0.0016EPSS