CVE-2022-24280: Improper Input Validation in Apache Pulsar

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 54.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 23 | Latest update Sep 25

Description

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy auth

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD | apache/pulsar | 2.7.0 | 2.7.5 | +3
CVEListV5 | apache_software_foundation/apache_pulsar | 2.7 | 2.7.4 | +3

Vulnerability Details (3)

OSV: Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint (2022-09-25)
GHSA: Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint (2022-09-25)
CVEList: Apache Pulsar Proxy target broker address isn't validated (2022-09-23)