Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.
This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.
2.9 Pulsar Broker users should upgrade to at least 2.9.5.
2.10 Pulsar Broker users should upgrade to at least 2.10.4.
2.11 Pulsar Broker users should upgrade to at least 2.11.1.
3.0 Pulsar Broker users are unaffected.
Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj | Mailing List Vendor Advisory |
https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj | Mailing List Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj - Mailing List, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 0.0 |
20 Jul 2023, 16:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lists.apache.org/thread/qxn99xxyp0zv6jchjggn3soyo5gvqfxj - Mailing List, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:* cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:* cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:* cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:* |
12 Jul 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-12 10:15
Updated : 2024-11-21 08:01
NVD link : CVE-2023-31007
Mitre link : CVE-2023-31007
CVE.ORG link : CVE-2023-31007
JSON object : View
Products Affected
apache
- pulsar
CWE
CWE-287
Improper Authentication