CVE-2023-51437 (GCVE-0-2023-51437)
Vulnerability from cvelistv5 – Published: 2024-02-07 09:18 – Updated: 2024-08-02 22:32
VLAI?
Summary
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.
Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.
2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.
Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.
For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .
Severity ?
7.4 (High)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Pulsar |
Affected:
0 , ≤ 2.10.5
(semver)
Affected: 2.11.0 , ≤ 2.11.2 (semver) Affected: 3.0.0 , ≤ 3.0.1 (semver) Affected: 3.1.0 |
Credits
Yiheng Cao
Chenhao Lu
Kaifeng Huang
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T15:10:54.777111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:56.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/07/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Pulsar",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.10.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yiheng Cao"
},
{
"lang": "en",
"type": "finder",
"value": "Chenhao Lu "
},
{
"lang": "en",
"type": "finder",
"value": "Kaifeng Huang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\u003c/p\u003e2.11 Pulsar users should upgrade to at least 2.11.3.\u003cbr\u003e3.0 Pulsar users should upgrade to at least 3.0.2.\u003cbr\u003e3.1 Pulsar users should upgrade to at least 3.1.1.\u003cbr\u003e\u003cdiv\u003eAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003eFor additional details on this attack vector, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codahale.com/a-lesson-in-timing-attacks/\"\u003ehttps://codahale.com/a-lesson-in-timing-attacks/\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\n\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\n\n2.11 Pulsar users should upgrade to at least 2.11.3.\n3.0 Pulsar users should upgrade to at least 3.0.2.\n3.1 Pulsar users should upgrade to at least 3.1.1.\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\n\nFor additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T08:38:36.247Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/02/07/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Pulsar: Timing attack in SASL token signature verification",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-51437",
"datePublished": "2024-02-07T09:18:19.080Z",
"dateReserved": "2023-12-19T06:13:58.560Z",
"dateUpdated": "2024-08-02T22:32:09.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.10.5\", \"matchCriteriaId\": \"1DA223E6-F59D-4BB5-971A-1CC1914C70E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.11.0\", \"versionEndExcluding\": \"2.11.3\", \"matchCriteriaId\": \"CDA5C2BD-D15D-40F8-8418-8382248881E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.0.2\", \"matchCriteriaId\": \"F07DBEFA-B9F0-4497-B85A-41C753961E70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:3.1.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"447E0901-B5CA-42BE-B894-41E158B123AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:pulsar:3.1.0:candidate_1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA3F2622-FDD4-48B9-81E3-6BE8B553F77C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\\n\\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\\n\\n2.11 Pulsar users should upgrade to at least 2.11.3.\\n3.0 Pulsar users should upgrade to at least 3.0.2.\\n3.1 Pulsar users should upgrade to at least 3.1.1.\\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\\n\\nFor additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de discrepancia de tiempo observable en Apache Pulsar SASL Authentication Provider puede permitir a un atacante falsificar un token de funci\\u00f3n SASL que pasar\\u00e1 la verificaci\\u00f3n de firma. Se recomienda a los usuarios actualizar a la versi\\u00f3n 2.11.3, 3.0.2 o 3.1.1, que soluciona el problema. Los usuarios tambi\\u00e9n deber\\u00edan considerar actualizar el secreto configurado en el archivo `saslJaasServerRoleTokenSignerSecretPath`. Cualquier componente que coincida con una versi\\u00f3n anterior que ejecute el proveedor de autenticaci\\u00f3n SASL se ver\\u00e1 afectado. Eso incluye Pulsar Broker, Proxy, Websocket Proxy o Function Worker. 2.11 Los usuarios de Pulsar deben actualizar al menos a 2.11.3. Los usuarios de Pulsar 3.0 deben actualizar al menos a 3.0.2. 3.1 Los usuarios de Pulsar deben actualizar al menos a 3.1.1. Cualquier usuario que ejecute Pulsar 2.8, 2.9, 2.10 y versiones anteriores debe actualizar a una de las versiones parcheadas anteriores. Para obtener detalles adicionales sobre este vector de ataque, consulte https://codahale.com/a-lesson-in-timing-attacks/.\"}]",
"id": "CVE-2023-51437",
"lastModified": "2024-11-21T08:38:06.947",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}]}",
"published": "2024-02-07T10:15:08.137",
"references": "[{\"url\": \"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/02/07/1\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/02/07/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-51437\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-02-07T10:15:08.137\",\"lastModified\":\"2024-11-21T08:38:06.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\\n\\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\\n\\n2.11 Pulsar users should upgrade to at least 2.11.3.\\n3.0 Pulsar users should upgrade to at least 3.0.2.\\n3.1 Pulsar users should upgrade to at least 3.1.1.\\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\\n\\nFor additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de discrepancia de tiempo observable en Apache Pulsar SASL Authentication Provider puede permitir a un atacante falsificar un token de funci\u00f3n SASL que pasar\u00e1 la verificaci\u00f3n de firma. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.11.3, 3.0.2 o 3.1.1, que soluciona el problema. Los usuarios tambi\u00e9n deber\u00edan considerar actualizar el secreto configurado en el archivo `saslJaasServerRoleTokenSignerSecretPath`. Cualquier componente que coincida con una versi\u00f3n anterior que ejecute el proveedor de autenticaci\u00f3n SASL se ver\u00e1 afectado. Eso incluye Pulsar Broker, Proxy, Websocket Proxy o Function Worker. 2.11 Los usuarios de Pulsar deben actualizar al menos a 2.11.3. Los usuarios de Pulsar 3.0 deben actualizar al menos a 3.0.2. 3.1 Los usuarios de Pulsar deben actualizar al menos a 3.1.1. Cualquier usuario que ejecute Pulsar 2.8, 2.9, 2.10 y versiones anteriores debe actualizar a una de las versiones parcheadas anteriores. Para obtener detalles adicionales sobre este vector de ataque, consulte https://codahale.com/a-lesson-in-timing-attacks/.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.5\",\"matchCriteriaId\":\"1DA223E6-F59D-4BB5-971A-1CC1914C70E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.11.0\",\"versionEndExcluding\":\"2.11.3\",\"matchCriteriaId\":\"CDA5C2BD-D15D-40F8-8418-8382248881E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.2\",\"matchCriteriaId\":\"F07DBEFA-B9F0-4497-B85A-41C753961E70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:3.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"447E0901-B5CA-42BE-B894-41E158B123AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:pulsar:3.1.0:candidate_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3F2622-FDD4-48B9-81E3-6BE8B553F77C\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/02/07/1\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/02/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/02/07/1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:32:09.454Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-51437\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-07T15:10:54.777111Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:44.460Z\"}}], \"cna\": {\"title\": \"Apache Pulsar: Timing attack in SASL token signature verification\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Yiheng Cao\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Chenhao Lu \"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kaifeng Huang\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Pulsar\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.10.5\"}, {\"status\": \"affected\", \"version\": \"2.11.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.11.2\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.0.1\"}, {\"status\": \"affected\", \"version\": \"3.1.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/02/07/1\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\\n\\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\\n\\n2.11 Pulsar users should upgrade to at least 2.11.3.\\n3.0 Pulsar users should upgrade to at least 3.0.2.\\n3.1 Pulsar users should upgrade to at least 3.1.1.\\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\\n\\nFor additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\u003c/p\u003e2.11 Pulsar users should upgrade to at least 2.11.3.\u003cbr\u003e3.0 Pulsar users should upgrade to at least 3.0.2.\u003cbr\u003e3.1 Pulsar users should upgrade to at least 3.1.1.\u003cbr\u003e\u003cdiv\u003eAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003eFor additional details on this attack vector, please refer to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://codahale.com/a-lesson-in-timing-attacks/\\\"\u003ehttps://codahale.com/a-lesson-in-timing-attacks/\u003c/a\u003e.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-22T08:38:36.247Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-51437\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T22:32:09.454Z\", \"dateReserved\": \"2023-12-19T06:13:58.560Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-02-07T09:18:19.080Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…