CVE-2024-28098: Apache Pulsar: Improper Authorization For Topic-Level Policy Management

Open Source Security

Posted by Lari Hotari on Mar 12

Affected versions:

– Apache Pulsar 2.7.1 before 2.10.6
– Apache Pulsar 2.11.0 before 2.11.4
– Apache Pulsar 3.0.0 before 3.0.3
– Apache Pulsar 3.1.0 before 3.1.3
– Apache Pulsar 3.2.0 before 3.2.1

Description:

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies,
such as retention, TTL, and offloading settings. These management operations should be restricted to users with the…
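
A check of deployed broker versions against the affected ranges listed above, as an added example that is not part of the original advisory. The broker names and inventory are constructed sample values, and flagging a pre-release build of a fixed version is a conservative assumption made here.

```python
import re

# Ranges copied from the advisory's "Affected versions" list:
# (first affected release, first fixed release); the fixed release is excluded.
AFFECTED_RANGES = [
    ((2, 7, 1), (2, 10, 6)),
    ((2, 11, 0), (2, 11, 4)),
    ((3, 0, 0), (3, 0, 3)),
    ((3, 1, 0), (3, 1, 3)),
    ((3, 2, 0), (3, 2, 1)),
]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")

def parse_version(text):
    """Split 'X.Y.Z' or 'X.Y.Z-suffix' into ((X, Y, Z), is_prerelease)."""
    match = _VERSION.match(text.strip())
    if match is None:
        # Fail loudly: an unparsed version must not be reported as safe.
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1, 2, 3))
    return numbers, match.group(4) is not None

def is_affected(text):
    """True if the version falls inside one of the advisory's ranges."""
    numbers, prerelease = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= numbers < first_fixed:
            return True
        # Assumption: a pre-release build of a fixed version (for example
        # a -SNAPSHOT) may predate the fix, so it is flagged as well.
        if prerelease and numbers == first_fixed:
            return True
    return False

def affected_brokers(inventory):
    """Return the sorted names of brokers whose version is affected."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))

# Constructed inventory: broker names and versions are sample values.
SAMPLE_INVENTORY = {
    "broker-a": "2.10.5", "broker-b": "2.10.6", "broker-c": "3.0.3-SNAPSHOT",
    "broker-d": "3.2.1", "broker-e": "2.7.0",
}

if __name__ == "__main__":
    print(affected_brokers(SAMPLE_INVENTORY))
```

Versions outside the listed ranges are reported as not affected only in the sense that the advisory does not list them.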
