CVE-2022-24280

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24280
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24280.json
Aliases
Published
2022-09-23T10:15:10Z
Modified
2023-11-29T09:28:59.231409Z
Details

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

References

Affected packages

Git / github.com/apache/pulsar

Affected ranges

Type
GIT
Repo
https://github.com/apache/pulsar
Events
Introduced
bdd57b21a66b81aab72c4ec39d516ffd2a769c35
Fixed
a3f52891593e093c27b583094a1fbfd09bbbae1a
Introduced
b0c45952d063b754e387b3f9cbff279b9885b107
Introduced
89ac98e4af363b09f2fe8e309539b0e35243aaee

Affected versions

v2.*

v2.9.0
v2.9.0-candidate-4
v2.9.1
v2.9.1-candidate-1
v2.9.1-candidate-2
v2.9.2-candidate-1
v2.9.2-candidate-2
v2.9.2-candidate-3