cvelistv5 - cve-2023-30429

cve-2023-30429

Vulnerability from cvelistv5

Published

2023-07-12 09:08

Modified

2024-10-03 20:43

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Summary

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role. The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.

References

▼	URL	Tags
	security@apache.org	https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Pulsar	Version: 0 ≤ Version: 2.11.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:21:44.815Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "pulsar",
                  vendor: "apache",
                  versions: [
                     {
                        lessThan: "2.10.4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "pulsar",
                  vendor: "apache",
                  versions: [
                     {
                        status: "affected",
                        version: "2.11.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-30429",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T20:40:14.505445Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:43:48.694Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache Pulsar",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "2.10.4",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     status: "affected",
                     version: "2.11.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Michael Marshall of DataStax",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.<br><br>This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.<br><br>When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.<br><br>The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.<br><br>2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.<br>2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.<br>3.0 Pulsar Function Worker users are unaffected.<br>Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.<br>",
                  },
               ],
               value: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 9.6,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-863",
                     description: "CWE-863 Incorrect Authorization",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-12T09:08:23.703Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         title: "Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2023-30429",
      datePublished: "2023-07-12T09:08:23.703Z",
      dateReserved: "2023-04-08T03:30:20.317Z",
      dateUpdated: "2024-10-03T20:43:48.694Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.10.4\", \"matchCriteriaId\": \"93203072-AF2C-4C1C-9185-709395C44315\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D3BCDDD-21DA-47B6-A8F4-76822E11662B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB395C43-88B4-4DE3-8ADC-D276C86250D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:*\", \"matchCriteriaId\": \"E90E85B9-B04D-4BCB-B7A8-7526C991F022\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\\n\\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\\n\\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\\n\\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\\n\\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\\n3.0 Pulsar Function Worker users are unaffected.\\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\\n\"}]",
         id: "CVE-2023-30429",
         lastModified: "2024-11-21T08:00:10.013",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
         published: "2023-07-12T10:15:09.937",
         references: "[{\"url\": \"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
         sourceIdentifier: "security@apache.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2023-30429\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-07-12T10:15:09.937\",\"lastModified\":\"2024-11-21T08:00:10.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\\n\\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\\n\\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\\n\\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\\n\\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\\n3.0 Pulsar Function Worker users are unaffected.\\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.4\",\"matchCriteriaId\":\"93203072-AF2C-4C1C-9185-709395C44315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D3BCDDD-21DA-47B6-A8F4-76822E11662B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB395C43-88B4-4DE3-8ADC-D276C86250D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90E85B9-B04D-4BCB-B7A8-7526C991F022\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:21:44.815Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30429\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T20:40:14.505445Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"pulsar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.10.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"pulsar\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.11.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T20:43:41.850Z\"}}], \"cna\": {\"title\": \"Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Michael Marshall of DataStax\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Pulsar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.10.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.11.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\\n\\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\\n\\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\\n\\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\\n\\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\\n3.0 Pulsar Function Worker users are unaffected.\\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.<br><br>This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.<br><br>When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.<br><br>The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.<br><br>2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.<br>2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.<br>3.0 Pulsar Function Worker users are unaffected.<br>Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.<br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-12T09:08:23.703Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2023-30429\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-03T20:43:48.694Z\", \"dateReserved\": \"2023-04-08T03:30:20.317Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-07-12T09:08:23.703Z\", \"assignerShortName\": \"apache\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

fkie_cve-2023-30429

Vulnerability from fkie_nvd

Published

2023-07-12 10:15

Modified

2024-11-21 08:00

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@apache.org	https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8	Mailing List, Vendor Advisory

Impacted products

Vendor	Product	Version
apache	pulsar	*
apache	pulsar	2.11.0
apache	pulsar	2.11.0
apache	pulsar	2.11.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93203072-AF2C-4C1C-9185-709395C44315",
                     versionEndExcluding: "2.10.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "8D3BCDDD-21DA-47B6-A8F4-76822E11662B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:*",
                     matchCriteriaId: "AB395C43-88B4-4DE3-8ADC-D276C86250D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:*",
                     matchCriteriaId: "E90E85B9-B04D-4BCB-B7A8-7526C991F022",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
      },
   ],
   id: "CVE-2023-30429",
   lastModified: "2024-11-21T08:00:10.013",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.6,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 5.8,
            source: "security@apache.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-12T10:15:09.937",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

ghsa-g9cv-v3v4-3h8r

Vulnerability from github

Published

2023-07-12 12:31

Modified

2023-07-12 17:30

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Summary

Apache Pulsar Incorrect Authorization vulnerability

Details

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.

This issue affects Apache Pulsar: before 2.10.4, and 2.11.0.

When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.

The recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.

2.10 Pulsar Function Worker users should upgrade to at least 2.10.4. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.1. 3.0 Pulsar Function Worker users are unaffected. Any users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.pulsar:pulsar",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "2.10.4",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.pulsar:pulsar",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "2.11.0",
                  },
                  {
                     fixed: "2.11.1",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
         versions: [
            "2.11.0",
         ],
      },
   ],
   aliases: [
      "CVE-2023-30429",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-863",
      ],
      github_reviewed: true,
      github_reviewed_at: "2023-07-12T17:30:06Z",
      nvd_published_at: "2023-07-12T10:15:09Z",
      severity: "CRITICAL",
   },
   details: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
   id: "GHSA-g9cv-v3v4-3h8r",
   modified: "2023-07-12T17:30:06Z",
   published: "2023-07-12T12:31:36Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2023-30429",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/apache/pulsar",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
         type: "CVSS_V3",
      },
   ],
   summary: "Apache Pulsar Incorrect Authorization vulnerability",
}

gsd-2023-30429

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-30429

Aliases

CVE-2023-30429

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2023-30429",
      id: "GSD-2023-30429",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2023-30429",
         ],
         details: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
         id: "GSD-2023-30429",
         modified: "2023-12-13T01:20:52.061743Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "security@apache.org",
            ID: "CVE-2023-30429",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Apache Pulsar",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_name: "0",
                                       version_value: "2.10.4",
                                    },
                                    {
                                       version_affected: "=",
                                       version_value: "2.11.0",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Apache Software Foundation",
                  },
               ],
            },
         },
         credits: [
            {
               lang: "en",
               value: "Michael Marshall of DataStax",
            },
         ],
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
               },
            ],
         },
         generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
         impact: {
            cvss: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 9.6,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  version: "3.1",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        cweId: "CWE-863",
                        lang: "eng",
                        value: "CWE-863 Incorrect Authorization",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
                  refsource: "MISC",
                  url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
               },
            ],
         },
         source: {
            discovery: "INTERNAL",
         },
      },
      "gitlab.com": {
         advisories: [
            {
               affected_range: "(,2.10.4),[2.11.0]",
               affected_versions: "All versions before 2.10.4, version 2.11.0",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-863",
                  "CWE-937",
               ],
               date: "2023-07-20",
               description: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
               fixed_versions: [
                  "2.10.4",
                  "2.11.1",
               ],
               identifier: "CVE-2023-30429",
               identifiers: [
                  "CVE-2023-30429",
               ],
               not_impacted: "All versions starting from 2.10.4 before 2.11.0, all versions after 2.11.0",
               package_slug: "maven/org.apache.pulsar/pulsar-broker-common",
               pubdate: "2023-07-12",
               solution: "Upgrade to versions 2.10.4, 2.11.1 or above.",
               title: "Incorrect Authorization",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2023-30429",
                  "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
               ],
               uuid: "0a9cb5ad-c98d-4e19-89b5-a3cb7bb82290",
            },
            {
               affected_range: "(,2.10.4),[2.11.0]",
               affected_versions: "All versions before 2.10.4, version 2.11.0",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-863",
                  "CWE-937",
               ],
               date: "2023-07-20",
               description: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
               fixed_versions: [
                  "2.10.4",
                  "2.11.1",
               ],
               identifier: "CVE-2023-30429",
               identifiers: [
                  "CVE-2023-30429",
               ],
               not_impacted: "All versions starting from 2.10.4 before 2.11.0, all versions after 2.11.0",
               package_slug: "maven/org.apache.pulsar/pulsar-broker",
               pubdate: "2023-07-12",
               solution: "Upgrade to versions 2.10.4, 2.11.1 or above.",
               title: "Incorrect Authorization",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2023-30429",
                  "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
               ],
               uuid: "fc76ee32-7b8d-4bc8-b1ca-f11ee22f3b09",
            },
            {
               affected_range: "(,2.10.4),[2.11.0]",
               affected_versions: "All versions before 2.10.4, version 2.11.0",
               cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-863",
                  "CWE-937",
               ],
               date: "2023-07-12",
               description: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
               fixed_versions: [
                  "2.10.4",
                  "2.11.1",
               ],
               identifier: "CVE-2023-30429",
               identifiers: [
                  "GHSA-g9cv-v3v4-3h8r",
                  "CVE-2023-30429",
               ],
               not_impacted: "All versions starting from 2.10.4 before 2.11.0, all versions after 2.11.0",
               package_slug: "maven/org.apache.pulsar/pulsar",
               pubdate: "2023-07-12",
               solution: "Upgrade to versions 2.10.4, 2.11.1 or above.",
               title: "Incorrect Authorization",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2023-30429",
                  "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
                  "https://github.com/advisories/GHSA-g9cv-v3v4-3h8r",
               ],
               uuid: "912fecab-06a1-4c44-b48e-78df2bce36df",
            },
         ],
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:pulsar:2.11.0:candidate_1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:pulsar:2.11.0:candidate_5:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.10.4",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2023-30429",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-863",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
                     refsource: "MISC",
                     tags: [
                        "Mailing List",
                        "Vendor Advisory",
                     ],
                     url: "https://lists.apache.org/thread/v0gcvvxswr830314q4b1kybsfmcf3jf8",
                  },
               ],
            },
         },
         impact: {
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 2.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2023-07-20T16:47Z",
         publishedDate: "2023-07-12T10:15Z",
      },
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2023-30429

Vulnerability from cvelistv5

fkie_cve-2023-30429

Vulnerability from fkie_nvd

ghsa-g9cv-v3v4-3h8r

Vulnerability from github

gsd-2023-30429

Vulnerability from gsd

Tags

Sightings

Nomenclature