Veracode Vulnerability Database: VERACODE:46166
History: Apr 03, 2024 - 5:54 a.m.

Incorrect Authorization

2024-04-03 05:54:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
apache pulsar
vulnerability
incorrect authorization
permission checks
attacker
operations
unloading topics
triggering compaction
authenticated user
namespace properties
any tenant

CVSS3: 6.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 15.5%

Apache Pulsar is vulnerable to Incorrect Authorization. The vulnerability is due to improper permission checks, which allow an attacker to perform operations such as unloading topics or triggering compaction. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant.
