CVE-2024-28098

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 12, 2024

Updated: May 1, 2024

CWE ID 863

Summary

CVE-2024-28098 is a vulnerability affecting Apache Pulsar, which enables authenticated users with limited permissions to modify topic-level policies, including retention, TTL, and offloading settings. This is a significant issue as these management operations should only be accessible to users with the tenant admin or super user roles. This vulnerability affects various versions of Apache Pulsar, including from 2.7.1 to 2.10.5, 2.11.0 to 2.11.3, 3.0.0 to 3.0.2, 3.1.0 to 3.1.2, and 3.2.0. Users running these versions should upgrade to at least 2.10.6, 2.11.4, 3.0.3, 3.1.3, and 3.2.1, respectively. Those using older versions should upgrade to the patched versions or newer releases.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database