{"containers": {"cna": {"affected": [{"product": "Apache Pulsar", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.7.1", "status": "affected", "version": "Apache Pulsar", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to \"none\". This allows an attacker to connect to Pulsar instances as any user (incl. admins)."}], "problemTypes": [{"descriptions": [{"description": "token not validated", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-04T20:06:14", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Cutting 2.6.4 release to address CVE-2021-22160", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf2e90942996dceebac8296abf39257cfeb5ae918f82f7af3d37a48c5%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-users] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: Cutting 2.6.4 release to address CVE-2021-22160", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8e545559781231a83bf0644548c660255859e52feb86bbfcd42590da%40%3Cdev.pulsar.apache.org%3E"}, {"name": "Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \u201cnone\u201d-algorithm", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9a12b4da2f26ce9b8f7e7117a879efaa973dab7e54717bbc7923fab1%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210531 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rbe845aa1573a61769b9c5916c62971f4b10de87c2ea5f38a97f0cf84%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210604 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rca54f4b26ba5e6f2e39732b47ec51640e89f57e3b6a38ac3bab314df%40%3Cdev.pulsar.apache.org%3E"}], "source": {"discovery": "UNKNOWN"}, "title": "Authentication with JWT allows use of \u201cnone\u201d-algorithm", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-22160", "STATE": "PUBLIC", "TITLE": "Authentication with JWT allows use of \u201cnone\u201d-algorithm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Pulsar", "version": {"version_data": [{"version_affected": "<", "version_name": "Apache Pulsar", "version_value": "2.7.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to \"none\". This allows an attacker to connect to Pulsar instances as any user (incl. admins)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "token not validated"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Cutting 2.6.4 release to address CVE-2021-22160", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf2e90942996dceebac8296abf39257cfeb5ae918f82f7af3d37a48c5@%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550@%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-users] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550@%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: Cutting 2.6.4 release to address CVE-2021-22160", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8e545559781231a83bf0644548c660255859e52feb86bbfcd42590da@%3Cdev.pulsar.apache.org%3E"}, {"name": "Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \u201cnone\u201d-algorithm", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9a12b4da2f26ce9b8f7e7117a879efaa973dab7e54717bbc7923fab1%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210531 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbe845aa1573a61769b9c5916c62971f4b10de87c2ea5f38a97f0cf84@%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210604 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rca54f4b26ba5e6f2e39732b47ec51640e89f57e3b6a38ac3bab314df@%3Cdev.pulsar.apache.org%3E"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.090Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Cutting 2.6.4 release to address CVE-2021-22160", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf2e90942996dceebac8296abf39257cfeb5ae918f82f7af3d37a48c5%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-users] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \"none\"-algorithm", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cusers.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210527 Re: Cutting 2.6.4 release to address CVE-2021-22160", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8e545559781231a83bf0644548c660255859e52feb86bbfcd42590da%40%3Cdev.pulsar.apache.org%3E"}, {"name": "Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of \u201cnone\u201d-algorithm", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9a12b4da2f26ce9b8f7e7117a879efaa973dab7e54717bbc7923fab1%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210531 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rbe845aa1573a61769b9c5916c62971f4b10de87c2ea5f38a97f0cf84%40%3Cdev.pulsar.apache.org%3E"}, {"name": "[pulsar-dev] 20210604 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rca54f4b26ba5e6f2e39732b47ec51640e89f57e3b6a38ac3bab314df%40%3Cdev.pulsar.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-22160", "datePublished": "2021-05-26T12:22:31", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:37:18.090Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97EC45B-CE27-4BD1-9615-E71D4FD76A0C", "versionEndExcluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to \"none\". This allows an attacker to connect to Pulsar instances as any user (incl. admins)."}, {"lang": "es", "value": "Si Apache Pulsar est\u00e1 configurado para autenticar clientes utilizando tokens basados ??en JSON Web Tokens (JWT), la firma del token no es comprobada si el algoritmo del token presentado se establece en \"none\".&#xa0;Esto permite a un atacante conectarse a las instancias de Pulsar como cualquier usuario (incluidos los administradores)"}], "id": "CVE-2021-22160", "lastModified": "2023-11-07T03:30:09.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-26T13:15:07.697", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r8e545559781231a83bf0644548c660255859e52feb86bbfcd42590da%40%3Cdev.pulsar.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r9a12b4da2f26ce9b8f7e7117a879efaa973dab7e54717bbc7923fab1%40%3Cdev.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cdev.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ra49cb62105154e4795b259c79a6b27d63bfa2ab5787ff8529b089550%40%3Cusers.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rbe845aa1573a61769b9c5916c62971f4b10de87c2ea5f38a97f0cf84%40%3Cdev.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rca54f4b26ba5e6f2e39732b47ec51640e89f57e3b6a38ac3bab314df%40%3Cdev.pulsar.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf2e90942996dceebac8296abf39257cfeb5ae918f82f7af3d37a48c5%40%3Cdev.pulsar.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}