CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS
Percentile
50.0%
org.apache.pulsar:pulsar-functions-worker is vulnerable to Incorrect Authorization. The configuration of a source or sink could be accessed by an authenticated user without permission, potentially exposing credentials. This vulnerability is lessened by the fact that there are no known techniques for authenticated users to discover the sources or sinks of other tenants, requiring name guessing.