Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication with JWT allows use of “none”-algorithm
Vulnerability Description
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Pulsar 数据伪造问题漏洞
Vulnerability Description
Apache Pulsar是美国阿帕奇(Apache)基金会的一个用于云环境种,集消息、存储、轻量化函数式计算为一体的分布式消息流平台。该软件支持多租户、持久化存储、多机房跨区域数据复制,具有强一致性、高吞吐以及低延时的高可扩展流数据存储特性。 Apache Pulsar存在数据伪造问题漏洞,该漏洞源于在处理基于JSON Web令牌(JWT)的身份验证请求时出现的错误,允许远程攻击者绕过身份验证过程。以下产品和版本受到影响:Apache Pulsar:1.14, 1.15, 1.15.1, 1.15.2,
CVSS Information
N/A
Vulnerability Type
N/A