Maven package
org.apache.pulsar/pulsar-proxy
pkg:maven/org.apache.pulsar/pulsar-proxy
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34321 | — | | | >= 2.6.0, < 2.10.6 | 2.10.6 | Mar 12, 2024 | Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of pro |
| CVE-2022-33683 | — | | | < 2.7.5 | 2.7.5 | Sep 23, 2022 | Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to |
| CVE-2022-33682 | — | | | < 2.7.5 | 2.7.5 | Sep 23, 2022 | TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man |