Lucene search

Veracode Vulnerability DatabaseVERACODE:41280

HistoryJul 14, 2023 - 5:40 a.m.

Improper Authentication

2023-07-1405:40:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

org.apache.pulsar

pulsar proxy

expiration

command

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

org.apache.pulsar:pulsar-broker is vulnerable to Improper Authentication. When authenticateOriginalAuthData is set to false, the clients may continue to connect to a broker even after the authentication data has expired if they used Pulsar Proxy or a specifically designed connect command.

CPENameOperatorVersion
pulsar brokereq2.11.0
pulsar brokerle2.10.3
pulsar brokereq2.11.0
pulsar brokerle2.10.3

Name	Operator	Version
pulsar broker	eq	2.11.0
pulsar broker	le	2.10.3
pulsar broker	eq	2.11.0
pulsar broker	le	2.10.3

References

github.com/advisories/GHSA-47r2-phr8-m8cp

lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for VERACODE:41280