org.apache.pulsar:pulsar-broker (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.pulsar:pulsar-broker, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2023-30428 — CVSS 8.2 (high): Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a…
CVE-2024-28098 — CVSS 6.4 (medium): The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention…
CVE-2024-29834 — CVSS 6.4 (medium): This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics…
CVE-2022-33682 — CVSS 5.9 (medium): TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket…
CVE-2022-33683 — CVSS 5.9 (medium): Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when…
CVE-2023-31007 — CVSS 0.0 (none): Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker…