8.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-30428

GHSA ID

GHSA-j2r7-3rvw-g7gx

EPSS Score

0.28315%

CWE

CWE-863

Published

7/12/2023

Updated

11/7/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-30428

CVE-2023-30428: Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.

The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.

There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.

2.8 Pulsar Broker users and earlier are unaffected. 2.9 Pulsar Broker users should upgrade to one of the patched versions. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-30428

CVE-2023-30428:

8.2

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-30428

GHSA ID

GHSA-j2r7-3rvw-g7gx

EPSS Score

0.28315%

CWE

CWE-863

Published

7/12/2023

Updated

11/7/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.pulsar:pulsar-broker	maven	>= 2.9.0, < 2.10.4	2.10.4
org.apache.pulsar:pulsar-broker	maven	= 2.11.0	2.11.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on improper authorization when using custom HTTP headers to assume admin privileges. The REST producer endpoint (ProducerWebResource.postMessage) is the primary entry point for message production via HTTP and would be responsible for parsing headers and enforcing authorization. ServerCnx.handleProducer is involved in producer creation and could propagate the improperly authorized role. The high confidence for ProducerWebResource.postMessage stems from its direct role in REST message production, while ServerCnx.handleProxyProtocolHeader receives medium confidence due to its potential role in processing client connections. The absence of patch details limits absolute certainty, but these functions align with the described attack vector and authorization flaw.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.2

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-30428: Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

CVE-2023-30428:

8.2

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

8.2

8.2

CVE-2023-30428: Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI