CVE-2023-37579

Summary

CVE-2023-37579: A new vulnerability impacts the Apache Pulsar Function Worker before versions 2.10.4 and 2.11.0. This Incorrect Authorization issue allows authenticated users to access unauthorized configuration data for sources and sinks, potentially revealing sensitive credentials. Although it's challenging for an attacker to guess source or sink names to exploit this vulnerability, upgrading to the patched versions is the recommended mitigation. Pulsar Function Worker users on versions 2.10 should upgrade to at least 2.10.4, while version 2.11 users should upgrade to at least 2.11.1. Version 3.0 users are unaffected, but those using versions 2.9.* and earlier must upgrade to one of the patched versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.