Security advisories
Michael Marshall edited this page Nov 4, 2022 · 5 revisions
Note: There's a separate Security policy page which describes the security vulnerability process and details of supported versions of Apache Pulsar.
- 2021-05-25 CVE-2021-22160 Authentication with JWT allows use of "none"-algorithm
- 2022-01-31 CVE-2021-41571 Pulsar Admin API allows access to data from other tenants using getMessageById API
- 2022-09-22 CVE-2022-24280 Apache Pulsar Proxy target broker address isn't validated
- 2022-09-22 CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
- 2022-09-22 CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
- 2022-09-22 CVE-2022-33683 Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack
- 2022-11-03 CVE-2022-33684 Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation