CVE-2022-24280

EPSS 0.22%
Published 23.09.2022 10:15:10
Last modified 22.05.2025 21:15:20
Source security@apache.org
Teams watchlist Login
Open Login

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Pulsar Version <= 2.6.4

Apache ≫ Pulsar Version >= 2.7.0 < 2.7.5

Apache ≫ Pulsar Version >= 2.8.0 < 2.8.3

Apache ≫ Pulsar Version >= 2.9.0 < 2.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.451

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/ghs9jtjfbpy4c6xcftyvkl6swznlom1v

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-24280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24280

EUVD