Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentApacheVULNRICHMENT:CVE-2023-51437
HistoryFeb 07, 2024 - 9:18 a.m.

CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification

2024-02-0709:18:19
CWE-203
apache
github.com
5
apache pulsar
timing attack
sasl token
signature verification
vulnerability
upgrade
version 2.11.3
version 3.0.2
version 3.1.1

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

34.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the saslJaasServerRoleTokenSignerSecretPath file.

Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.

2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.

For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Pulsar",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "2.10.5"
      },
      {
        "status": "affected",
        "version": "2.11.0",
        "versionType": "semver",
        "lessThanOrEqual": "2.11.2"
      },
      {
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "3.0.1"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

osv 2
cve 1
nvd 1
ibm 1
prion 1
veracode 1
cvelist 1
github 1
osv
osv
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
2024-02-07 12:30:25
CVE-2023-51437
2024-02-07 10:15:08
cve
cve
CVE-2023-51437
2024-02-07 10:15:08
nvd
nvd
CVE-2023-51437
2024-02-07 10:15:08
ibm
ibm
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass
2024-03-29 01:37:10
prion
prion
Buffer overflow
2024-02-07 10:15:00
veracode
veracode
Timing Attack
2024-02-08 05:44:32
cvelist
cvelist
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification
2024-02-07 09:18:19
github
github
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
2024-02-07 12:30:25

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

34.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2023-51437
osv2cve1nvd1ibm1prion1veracode1cvelist1github1