Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-47r2-phr8-m8cp

Опубликовано: 12 июл. 2023
Источник: github
Github: Прошло ревью
CVSS3: 6.5

Описание

Apache Pulsar Broker Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.

This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.

2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.

Ссылки

Пакеты

Наименование

org.apache.pulsar:pulsar-broker

maven
Затронутые версииВерсия исправления

>= 2.9.0, < 2.10.4

2.10.4

Наименование

org.apache.pulsar:pulsar-broker

maven
Затронутые версииВерсия исправления

= 2.11.0

2.11.1

EPSS

Процентиль: 20%
0.00063
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-31007

Дефекты

CWE-287

Связанные уязвимости

nvd логотип

CVE-2023-31007

nvd
больше 2 лет назад

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.

fstec логотип

BDU:2023-07217

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость облачной платформы для распределенного обмена сообщениями и потоковой передачи Apache Pulsar, связанная с недостатками процедуры аутентификации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

EPSS

Процентиль: 20%
0.00063
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2023-31007

Дефекты

CWE-287