Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v | Mailing List Vendor Advisory |
https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v | Mailing List Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 10:15
Updated : 2024-11-21 06:50
NVD link : CVE-2022-24280
Mitre link : CVE-2022-24280
CVE.ORG link : CVE-2022-24280
JSON object : View
Products Affected
apache
- pulsar
CWE
CWE-20
Improper Input Validation