In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-12-18T20:48:08
Updated: 2020-12-18T20:48:08
Reserved: 2020-08-12T00:00:00
Link: CVE-2020-17520
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-18T21:15:12.597
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-17520
JSON object: View
Redhat Information
No data.
CWE