CVE-2020-17520

MEDIUM

Pulsar manager <0.1.0 - Auth Bypass

Title source: llm

Description

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

References (1)

Core 1

Core References

Mailing List, Vendor Advisory x_refsource_misc

https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E

Scores

CVSS v3 6.5

EPSS 0.0025

EPSS Percentile 47.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

apache/pulsar_manager 0.1.0

Published Dec 18, 2020

Tracked Since Feb 18, 2026