Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache pulsar vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-30428
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2...
Apache Pulsar 2.11.0
Apache Pulsar
8.8
CVSSv3
CVE-2023-30429
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authentic...
Apache Pulsar 2.11.0
Apache Pulsar
8.1
CVSSv3
CVE-2022-33684
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an malicious user to perform a man in the middle attac...
Apache Pulsar
5.9
CVSSv3
CVE-2022-33681
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable...
Apache Pulsar
Apache Pulsar 2.10.0
5.9
CVSSv3
CVE-2022-33682
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connectio...
Apache Pulsar
Apache Pulsar 2.10.0
5.9
CVSSv3
CVE-2022-33683
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerab...
Apache Pulsar
Apache Pulsar 2.10.0
6.5
CVSSv3
CVE-2022-24280
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an malicious user to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP...
Apache Pulsar
6.5
CVSSv3
CVE-2021-41571
In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed t...
Apache Pulsar
Apache Pulsar 2.8.0
9.8
CVSSv3
CVE-2021-22160
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an malicious user to connect to Pulsar instances as any ...
Apache Pulsar
6.5
CVSSv3
CVE-2020-17520
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
Apache Pulsar Manager 0.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2