CVE-2021-22160

CWE-3474 documents4 sources

Severity

9.8CRITICAL

EPSS

18.5%

top 4.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Pulsar Apache Pulsar

Timeline

PublishedMay 26

Latest updateJun 1

Description

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/pulsar< 2.7.1

▶Mavenorg.apache.pulsar:pulsar< 2.7.2

▶CVEListV5apache_software_foundation/apache_pulsarApache Pulsar — 2.7.1

🔴Vulnerability Details

OSV

Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow↗2021-06-01

▶

GHSA

Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow↗2021-06-01

▶

CVEList

Authentication with JWT allows use of “none”-algorithm↗2021-05-26

▶