org.apache.pulsar:pulsar-broker
Maven | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.pulsar:pulsar-broker
- CVE-2022-33682 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.10.1 | 2022-09-23
vulnerable: 2.10.0
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-…
- CVE-2022-33683 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.10.1 | 2022-09-23
vulnerable: 2.10.0
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replic…
- CVE-2023-30428 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.11.1 | 2023-07-12
vulnerable: 2.11.0
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affect…
- CVE-2023-31007 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 2.11.1 | 2023-07-12
vulnerable: 2.11.0
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is co…
- CVE-2024-28098 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 2.10.6 | 2024-03-12
vulnerable: 2.10.0 ... 2.9.5 (22 versions)
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenan…
- CVE-2024-29834 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 3.2.2 | 2024-04-02
vulnerable: 3.2.0, 3.2.1
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricte…