CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
34.6%
pulsar-broker-auth-sasl is vulnerable to a Timing Attack. The vulnerability is due to the verifyAndExtract
function within SaslRoleTokenSigner.java
because it take different amounts of time to return false depending on how many characters it needs to compare before finding a mismatch. This variability allows an attacker to deduce the correct signature by measuring these time differences, resulting in SASL authentication bypass.
www.openwall.com/lists/oss-security/2024/02/07/1
github.com/advisories/GHSA-c57v-4vg5-cm2x
github.com/apache/pulsar/commit/c05954e66ff33098aeb848f4bde51613ace7e47e
github.com/apache/pulsar/issues/21053
github.com/apache/pulsar/pull/21061
lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5
www.openwall.com/lists/oss-security/2024/02/07/1