CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
AI Score
Confidence: High
EPSS
Percentile: 15.7%
Apache Pulsar Proxy is vulnerable to Improper Authentication. The vulnerability is caused by missing authorization checks in the /proxy-stats endpoint. This can lead to unauthorized access to this sensitive endpoint, allowing attackers to view detailed connection statistics and potentially manipulate logging levels without proper authentication.
www.openwall.com/lists/oss-security/2024/03/12/8
github.com/apache/pulsar/commit/084347c801185f14e42e7d399327092efbed101f
github.com/apache/pulsar/commit/a302772e391c6162e9e9554d217e2fb88915d047
github.com/apache/pulsar/commit/c644849b2dd21c824eaaeeb5b5482df7e492f49a
github.com/apache/pulsar/commit/fd6c4f817c3d8c9e6e8afffe5080637ef9727e56
lists.apache.org/thread/ods5tq2hpl390hvjnvxv0bcg4rfpgjj8
pulsar.apache.org/security/CVE-2022-34321/