How severe is CVE-2024-28098?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-28098?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-28098

MEDIUM Year: 2024

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

CVE-2017-2599

MEDIUM

CVSS:5.4(Medium)

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't hav...

CWE-8632017

CVE-2018-1000106

MEDIUM

CVSS:5.4(Medium)

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall...

CWE-8632018

CVE-2018-10212

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CWE-8632018

CVE-2020-1725

MEDIUM

CVSS:5.4(Medium)

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok...

CWE-8632020

CVE-2020-26555

MEDIUM

CVSS:5.4(Medium)

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou...

CWE-8632020

CVE-2020-4794

MEDIUM

CVSS:5.4(Medium)

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensit...

CWE-8632020

CVE-2024-28098

Vulnerability Description

Related Vulnerabilities

CVE-2017-2599

CVE-2018-1000106

CVE-2018-10212

CVE-2020-1725

CVE-2020-26555

CVE-2020-4794