FHN Summary:
A security bypass vulnerability found in Apache Pulsar.
Vulnerability Identifier: CVE-2020-17520
The vulnerability is caused due to a flaw in the permission verification mechanism and rated with Base Score: 9.4
In addition, An unauthenticated remote attacker can exploit this vulnerability by constructing special URLs.
However, Successful exploitation can enable an attacker to bypass pulsar-managers admin and gain access to any HTTP API.
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Pulsar Manager 0.1.0
Non-Vulnerable Platforms:
Apache Pulsar Manager 0.2.0 or later
Platform:
MacOS, Linux
Mitigation:
However, Apache has released security updates regarding this vulnerability. Users of the affected versions should apply one of the following mitigations: – Upgrade to Pulsar Manager 0.2.0 or later.
Follow Us on: Twitter, Instagram, Facebook to get latest security news!
About the Author
Its as if you read my brain! You may actually know a lot concerning this,
like
you wrote the reserve in it or something. I think that you could
do with
some pics to drive the warning home a bit, but besides that,
this is fantastic blog. A fantastic read. I’ll definitely
be back.