Auth bypass in Apache Pulsar
CVE-2023-31007
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is co…
Vulnerability class: Broken Authentication
EPSS: 0.007 (49.3th percentile)
Affected products
- Apache Pulsar — versions 2.11.0
- Apache Software Foundation Pulsar — versions 0, 2.10.0, 2.11.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory, Mailing List, Vendor Advisory)