org.apache.pulsar:pulsar-broker 2.9.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.pulsar:pulsar-broker package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Improper Authorization Affected versions of this package are vulnerable to Improper Authorization in namespace and topic management endpoints. An attacker with produce or consume permissions can perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction, which should be restricted to users with the tenant admin role or superuser role. Note: The vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. How to fix Improper Authorization? Upgrade `org.apache.pulsar:pulsar-broker` to version 3.0.4, 3.2.2 or higher.	[2.7.1,3.0.4)[3.1.0,3.2.2)
M Improper Authorization Affected versions of this package are vulnerable to Improper Authorization on topic-level policy management. An attacker can bypass access restrictions and modify topic-level policies without proper permissions. How to fix Improper Authorization? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.	[2.7.1,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)
H Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. Note This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". How to fix Improper Input Validation? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.	[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)
H Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to improper validation of filenames in uploaded jar or nar files, which are essentially zip files. An attacker can create or modify files outside of the designated extraction directory, potentially influencing system behavior by uploading a malicious file that exploits directory traversal with special elements like `..` in the filenames. Note: This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.	[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)
H Improper Access Control Affected versions of this package are vulnerable to Improper Access Control due to the capability that permits authenticated users to create functions where the function's implementation is referenced by a URL, including schemes like `file`, `http`, and `https`. An attacker can gain unauthorized access to any file that the process has permission to read, including sensitive information in the process environment, by creating a function with a URL pointing to the desired file. Furthermore, this vulnerability can be exploited to use the process as a proxy to access the content of remote HTTP and HTTPS endpoint URLs, which could be leveraged to carry out denial-of-service attacks. Note: This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". How to fix Improper Access Control? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.	[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)
H Improper Authentication Affected versions of this package are vulnerable to Improper Authentication through the `/pingpong` endpoint. An attacker can connect to the endpoint without requiring authentication, potentially leading to denial of service due to the WebSocket Proxy accepting any connections and excessive data transfer through misuse of the WebSocket `ping/pong` feature. How to fix Improper Authentication? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.5, 2.11.2, 3.0.1 or higher.	[2.8.0,2.10.5)[2.11.0,2.11.2)[3.0.0,3.0.1)
H Incorrect Authorization Affected versions of this package are vulnerable to Incorrect Authorization allowing an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. Note: The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability. There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic-level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants. How to fix Incorrect Authorization? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.10.4, 2.11.1 or higher.	[2.9,2.10.4)[2.11,2.11.1)
M Insufficient Session Expiration Affected versions of this package are vulnerable to Insufficient Session Expiration which allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with `authenticateOriginalAuthData=false` or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with `authenticateOriginalAuthData=false`. How to fix Insufficient Session Expiration? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.9.5, 2.10.4, 2.11.1 or higher.	[,2.9.5)[2.10.0,2.10.4)[2.11.0,2.11.1)
M Improper Certificate Validation Affected versions of this package are vulnerable to Improper Certificate Validation due to Apache Pulsar Brokers and Proxies creating an internal Pulsar Admin Client that does not verify peer TLS certificates, even when `tlsAllowInsecureConnection` is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients.An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. How to fix Improper Certificate Validation? Upgrade `org.apache.pulsar:pulsar-broker` to version 2.7.5, 2.8.4, 2.9.3, 2.10.1 or higher.	[,2.7.5)[2.8.0,2.8.4)[2.9.0,2.9.3)[2.10.0,2.10.1)

Vulnerability

Vulnerable Version

Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization in namespace and topic management endpoints. An attacker with produce or consume permissions can perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction, which should be restricted to users with the tenant admin role or superuser role.

Note: The vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace.

How to fix Improper Authorization?

Upgrade org.apache.pulsar:pulsar-broker to version 3.0.4, 3.2.2 or higher.

[2.7.1,3.0.4)[3.1.0,3.2.2)

Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization on topic-level policy management. An attacker can bypass access restrictions and modify topic-level policies without proper permissions.

How to fix Improper Authorization?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.

[2.7.1,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)

Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions.

Note This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".

How to fix Improper Input Validation?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.

[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to improper validation of filenames in uploaded jar or nar files, which are essentially zip files. An attacker can create or modify files outside of the designated extraction directory, potentially influencing system behavior by uploading a malicious file that exploits directory traversal with special elements like .. in the filenames.

Note: This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".

How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.

[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)

Improper Access Control

Affected versions of this package are vulnerable to Improper Access Control due to the capability that permits authenticated users to create functions where the function's implementation is referenced by a URL, including schemes like file, http, and https. An attacker can gain unauthorized access to any file that the process has permission to read, including sensitive information in the process environment, by creating a function with a URL pointing to the desired file. Furthermore, this vulnerability can be exploited to use the process as a proxy to access the content of remote HTTP and HTTPS endpoint URLs, which could be leveraged to carry out denial-of-service attacks.

Note: This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true".

How to fix Improper Access Control?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.6, 2.11.4, 3.0.3, 3.1.3, 3.2.1 or higher.

[2.4.0,2.10.6)[2.11.0,2.11.4)[3.0.0,3.0.3)[3.1.0,3.1.3)[3.2.0,3.2.1)

Improper Authentication

Affected versions of this package are vulnerable to Improper Authentication through the /pingpong endpoint. An attacker can connect to the endpoint without requiring authentication, potentially leading to denial of service due to the WebSocket Proxy accepting any connections and excessive data transfer through misuse of the WebSocket ping/pong feature.

How to fix Improper Authentication?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.5, 2.11.2, 3.0.1 or higher.

[2.8.0,2.10.5)[2.11.0,2.11.2)[3.0.0,3.0.1)

Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization allowing an authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role.

Note:

The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability. There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic-level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.

How to fix Incorrect Authorization?

Upgrade org.apache.pulsar:pulsar-broker to version 2.10.4, 2.11.1 or higher.

[2.9,2.10.4)[2.11,2.11.1)

Insufficient Session Expiration

Affected versions of this package are vulnerable to Insufficient Session Expiration which allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.

How to fix Insufficient Session Expiration?

Upgrade org.apache.pulsar:pulsar-broker to version 2.9.5, 2.10.4, 2.11.1 or higher.

[,2.9.5)[2.10.0,2.10.4)[2.11.0,2.11.1)

Improper Certificate Validation

Affected versions of this package are vulnerable to Improper Certificate Validation due to Apache Pulsar Brokers and Proxies creating an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients.An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack.

How to fix Improper Certificate Validation?

Upgrade org.apache.pulsar:pulsar-broker to version 2.7.5, 2.8.4, 2.9.3, 2.10.1 or higher.

[,2.7.5)[2.8.0,2.8.4)[2.9.0,2.9.3)[2.10.0,2.10.1)

org.apache.pulsar:pulsar-broker@2.9.2 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?