CVE-2021-22160

 

Published at: - 26-05-2021 03:15

Last modified: - 04-06-2022 04:49

Total changes: - 7

Description

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://lists.apache.org/thread.html/r347650d15a3e9c5f58b83e918b6ad6dedc2a63d3eb63da8e6a7be87e%40%3Cusers.pulsar.apache.org%3E
• [pulsar-dev] 20210527 Cutting 2.6.4 release to address CVE-2021-22160-Mailing List, Vendor Advisory
• [pulsar-users] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of "none"-algorithm-Mailing List, Vendor Advisory
• [pulsar-dev] 20210527 Re: Cutting 2.6.4 release to address CVE-2021-22160-Mailing List, Vendor Advisory
• [pulsar-dev] 20210527 Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of "none"-algorithm-Mailing List, Vendor Advisory
• [pulsar-dev] 20210531 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions-Mailing List, Vendor Advisory
• Re: [SECURITY] [CVE-2021-22160] Authentication with JWT allows use of “noneâ€?-algorithm-Mailing List, Vendor Advisory
• [pulsar-dev] 20210604 Re: [DISCUSS] Propose More Formal Policy for Security Patches and EOL of Versions-Mailing List, Vendor Advisory

 

Keywords

NVD

 

CVE-2021-22160

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures