CVE-2023-51437: Apache Pulsar: Timing attack in SASL token signature verification

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-51437

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Apache Pulsar: Timing attack in SASL token signature verification

Source: NVD (National Vulnerability Database)

Vulnerability Description

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过差异性导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Pulsar 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Pulsar是美国阿帕奇（Apache）基金会的一个用于云环境种，集消息、存储、轻量化函数式计算为一体的分布式消息流平台。该软件支持多租户、持久化存储、多机房跨区域数据复制，具有强一致性、高吞吐以及低延时的高可扩展流数据存储特性。 Apache Pulsar存在安全漏洞，该漏洞源于身份验证程序中可观察到时间差异，可能允许攻击者伪造签名验证的SASL角色令牌。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Pulsar	0 ~ 2.10.5	-

II. Public POCs for CVE-2023-51437

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-51437

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Apache Pulsar

Same vendor: Apache Software Foundation

Same weakness: CWE-203

V. Comments for CVE-2023-51437

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-51437

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-51437

III. Intelligence Information for CVE-2023-51437

IV. Related Vulnerabilities

V. Comments for CVE-2023-51437

Leave a comment