CVE-2021-22160
CVSS v3.1
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
1.68 % (88th)
Affected Products
1
Advisories
1
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).
Weaknesses
- CWE-347
- Improper Verification of Cryptographic Signature
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2021-05-26 13:15:07
(3 years ago) - Updated Date
-
2023-11-07 03:30:09
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...