Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache pulsar 2.11.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-29834
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or ...
NA
CVE-2022-34321
Improper Authentication vulnerability in Apache Pulsar Proxy allows an malicious user to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level ...
NA
CVE-2024-27135
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broke...
NA
CVE-2024-27894
The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is ...
NA
CVE-2024-27317
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when th...
NA
CVE-2024-28098
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This iss...
NA
CVE-2023-37544
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an malicious user to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 up to and including 2.8.*, from 2.9.0 up to and including 2.9....
Apache Pulsar 3.0.0
Apache Pulsar
NA
CVE-2023-30429
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authentic...
Apache Pulsar 2.11.0
Apache Pulsar
NA
CVE-2023-31007
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthDat...
Apache Pulsar 2.11.0
Apache Pulsar
NA
CVE-2023-37579
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization...
Apache Pulsar 2.11.0
Apache Pulsar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »