Apache Pulsar Security Update Advisory (CVE-2023-51437)

Overview

An update has been made available to fix vulnerabilities in Apache Pulsar. Users of affected versions are advised to update to the latest version.
 

Affected Products

Apache Pulsar

  • Versions earlier than 2.11.3
  • Versions above 3.0.0 and below 3.0.2
  • Versions 3.1.0 and higher but lower than 3.1.1

 

Resolved Vulnerabilities

Observable timing discrepancy vulnerability in the SASL authentication provider in Apache Pulsar (CVE-2023-51437)

 

Vulnerability Patches

Vulnerability patches were made available in the February 6, 2024 update. Please follow the instructions on the reference site to update to the latest vulnerability patch version.

Apache Pulsar versions 2.11.3, 3.0.2, and 3.1.1

 

Referenced Sites

[1] CVE-2023-51437 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-51437
[2] Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
https://github.com/advisories/GHSA-c57v-4vg5-cm2x