Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-31007
HistoryJul 12, 2023 - 10:15 a.m.

CVE-2023-31007

2023-07-1210:15:10
CWE-287
[email protected]
web.nvd.nist.gov
4
apache pulsar broker
improper authentication
vulnerability
client
connect
upgrade
cve-2023-31007

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.

This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.

2.9 Pulsar Broker users should upgrade to at least 2.9.5.
2.10 Pulsar Broker users should upgrade to at least 2.10.4.
2.11 Pulsar Broker users should upgrade to at least 2.11.1.
3.0 Pulsar Broker users are unaffected.
Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.

Affected configurations

Nvd
Node
apachepulsarRange<2.9.5
OR
apachepulsarRange2.10.02.10.3
OR
apachepulsarMatch2.11.0-
OR
apachepulsarMatch2.11.0candidate_1
OR
apachepulsarMatch2.11.0candidate_5
VendorProductVersionCPE
apachepulsar*cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*
apachepulsar2.11.0cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*
apachepulsar2.11.0cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:*
apachepulsar2.11.0cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:*

Related

veracode 1
osv 2
prion 1
cvelist 1
cve 1
github 1
ibm 1
veracode
veracode
Improper Authentication
2023-07-14 05:40:45
osv
osv
Apache Pulsar Broker Improper Authentication vulnerability
2023-07-12 12:31:36
CVE-2023-31007
2023-07-12 10:15:10
prion
prion
Authentication flaw
2023-07-12 10:15:00
cvelist
cvelist
CVE-2023-31007 Apache Pulsar: Broker does not always disconnect client when authentication data expires
2023-07-12 09:07:03
cve
cve
CVE-2023-31007
2023-07-12 10:15:10
github
github
Apache Pulsar Broker Improper Authentication vulnerability
2023-07-12 12:31:36
ibm
ibm
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
2023-09-28 03:14:16

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON
Related for NVD:CVE-2023-31007
veracode1osv2prion1cvelist1cve1github1ibm1