A security bypass vulnerability was found in Apache Pulsar.
Vulnerability Identifier: CVE-2020-17520
The vulnerability is caused by a flaw in the permission verification mechanism and is rated with a Base Score of 9.4.
An unauthenticated remote attacker can exploit this vulnerability by constructing special URLs.
Successful exploitation can enable an attacker to bypass pulsar-manager's admin permission verification and gain access to any HTTP API.
Vendor: The Apache Software Foundation
Affected Version: Apache Pulsar Manager 0.1.0
Fixed Version: Apache Pulsar Manager 0.2.0 or later
Apache has released security updates regarding this vulnerability. Users of the affected versions should apply one of the following mitigations:
- Upgrade to Pulsar Manager 0.2.0 or later.