Vulmon
apache pulsar vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-22160
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows a malicious user to connect to Pulsar instances as any ...
Apache Pulsar
8.8
CVSSv3
CVE-2023-30429
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authentic...
Apache Pulsar 2.11.0
Apache Pulsar
8.1
CVSSv3
CVE-2023-30428
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2...
Apache Pulsar 2.11.0
Apache Pulsar
8.1
CVSSv3
CVE-2022-33684
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows a malicious user to perform a man in the middle attac...
Apache Pulsar
7.5
CVSSv3
CVE-2023-37544
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows a malicious user to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 up to and including 2.8.*, from 2.9.0 up to and including 2.9....
Apache Pulsar 3.0.0
Apache Pulsar
7.4
CVSSv3
CVE-2023-51437
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow a malicious user to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users...
Apache Pulsar
Apache Pulsar 3.1.0
6.5
CVSSv3
CVE-2023-31007
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthDat...
Apache Pulsar 2.11.0
Apache Pulsar
6.5
CVSSv3
CVE-2023-37579
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization...
Apache Pulsar 2.11.0
Apache Pulsar
6.5
CVSSv3
CVE-2022-24280
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows a malicious user to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP...
Apache Pulsar
6.5
CVSSv3
CVE-2021-41571
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed t...
Apache Pulsar
Apache Pulsar 2.8.0