Main Vulnerability Database Vulnerabilities #VU67594

#VU67594 Improper validation of certificate with host mismatch in Apache Pulsar - CVE-2022-33682

Published: September 22, 2022

Vulnerability identifier: #VU67594

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-33682

CWE-ID: CWE-297

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Pulsar

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client. A remote attacker can perform MitM attack.

Remediation

Install updates from vendor's website.

External links

https://seclists.org/oss-sec/2022/q3/227

#VU67594 Improper validation of certificate with host mismatch in Apache Pulsar - CVE-2022-33682

Description

Remediation

External links

Please verify you're human