{"id":"CVE-2024-28098","details":"The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.\n\nThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Apache Pulsar users should upgrade to at least 2.10.6.\n2.11 Apache Pulsar users should upgrade to at least 2.11.4.\n3.0 Apache Pulsar users should upgrade to at least 3.0.3.\n3.1 Apache Pulsar users should upgrade to at least 3.1.3.\n3.2 Apache Pulsar users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.","aliases":["GHSA-g627-r579-rw35"],"modified":"2026-03-14T12:28:17.439691Z","published":"2024-03-12T19:15:48.177Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2024/03/12/12"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z"},{"type":"ADVISORY","url":"https://pulsar.apache.org/security/CVE-2024-28098/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/pulsar","events":[{"introduced":"8ea4a39dc8bf6f2f23a160688bb70a80f6acfd4d"},{"fixed":"a76ddbe5af523b4aa541a2272c58f685ef05859f"},{"introduced":"97ee1a114aa1e5df05d86a9dd47f7fe7a2194211"},{"fixed":"b61587216f9d9ea8f6468edbbf6078658d2c0bc2"},{"introduced":"7636e8989f4d3fc24fce69a356d54e1c550945ed"},{"fixed":"a7ebc3de57cef9c068f2d018edc8b11fd328f6e3"},{"introduced":"8d89904bcc9e0a726435fec44e3eb03663924231"},{"fixed":"dcaf508f8e381107125e98722f4ddab76f9303ad"},{"introduced":"0"},{"last_affected":"802576372132617b5076a44004846f2dbabede08"}],"database_specific":{"versions":[{"introduced":"2.7.1"},{"fixed":"2.10.6"},{"introduced":"2.11.0"},{"fixed":"2.11.4"},{"introduced":"3.0.0"},{"fixed":"3.0.3"},{"introduced":"3.1.0"},{"fixed":"3.1.3"},{"introduced":"0"},{"last_affected":"3.2.0-NA"}]}}],"database_specific":{"vanir_signatures":[{"target":{"function":"setSchemaValidationEnforced","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-0222cea5","digest":{"function_hash":"310616592412619619389703229284369760296","length":866},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getSubscriptionLevelDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-08269197","digest":{"function_hash":"64047824250649573359917325690322095459","length":812},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setDeduplicationSnapshotInterval","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-08e31848","digest":{"function_hash":"313972394912785476436990829231153645126","length":819},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removePersistence","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-0c768e43","digest":{"function_hash":"53143400680268939876854915253177245875","length":850},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeOffloadPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-1697283a","digest":{"function_hash":"175063117544245437415879676925349123748","length":704},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeMaxProducers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-1ce7e57f","digest":{"function_hash":"239900882405571614557643158219323321000","length":844},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeMaxConsumersPerSubscription","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-1d624dfe","digest":{"function_hash":"29812176354328376084255403281745904494","length":898},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-1df3edd7","digest":{"function_hash":"185924638935063383192739955466755238083","length":716},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMaxUnackedMessagesOnConsumer","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-1fafd478","digest":{"function_hash":"335692557605034720716638564800968927329","length":820},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeSubscriptionLevelDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-280eb5f3","digest":{"function_hash":"63183061884524445893564497903638773989","length":991},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxUnackedMessagesOnConsumer","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-289972e7","digest":{"function_hash":"139420234118313432370394455486425571842","length":732},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"deleteDeduplicationSnapshotInterval","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-29e91e11","digest":{"function_hash":"204548069095422765504413189940239560144","length":718},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getSubscriptionTypesEnabled","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-2a78e8b3","digest":{"function_hash":"138129324663969710133317659547769649473","length":748},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getReplicatorDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-3a23fb14","digest":{"function_hash":"31577056415015491867548089891797401465","length":726},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeDeduplication","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-3af00f33","digest":{"function_hash":"221267758262608291440069693642148975506","length":702},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setSubscriptionLevelDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-43096131","digest":{"function_hash":"257893281920624479174561083207080489274","length":1116},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-44839d02","digest":{"function_hash":"170722080220239936774095524214502774643","length":861},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeCompactionThreshold","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-455327df","digest":{"function_hash":"292735625034814274793039889004384996268","length":875},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMaxConsumersPerSubscription","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-481b0b01","digest":{"function_hash":"12385483530108195507166685622510637631","length":1098},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getOffloadPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-48a7b038","digest":{"function_hash":"329796655282666020186280559618042432935","length":719},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMessageTTL","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-49b78c78","digest":{"function_hash":"168011310992048653480549543187897816175","length":982},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setInactiveTopicPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-503c01b3","digest":{"function_hash":"94131547094843123517415075356127880804","length":795},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getAutoSubscriptionCreation","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-527106d3","digest":{"function_hash":"174379627161014225145908029813081575090","length":626},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMaxSubscriptionsPerTopic","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-53d3d0b4","digest":{"function_hash":"85163248697301972235723353519295627937","length":994},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"examineMessage","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-57746664","digest":{"function_hash":"129827315426755514983843823393866403551","length":1235},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getSchemaValidationEnforced","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-5ab11f88","digest":{"function_hash":"106247932901423353208280378599636432931","length":839},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"deleteInactiveTopicPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-5ec7acc2","digest":{"function_hash":"298550818100503811431634344821066202477","length":710},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setPublishRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-5f0d10a0","digest":{"function_hash":"209042804371504227187225026468483656834","length":1069},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxConsumersPerSubscription","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-60c4c991","digest":{"function_hash":"236154684860918117624045951676306632344","length":745},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxProducers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-63d21181","digest":{"function_hash":"239610924357128789128513301192632499884","length":716},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeSubscriptionTypesEnabled","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-667c32d7","digest":{"function_hash":"48443121526848950655631256075366429639","length":869},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeReplicatorDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-6abb865c","digest":{"function_hash":"115242428917657856135187016080359706128","length":876},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getPublishRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-6b83c879","digest":{"function_hash":"172267224354408439663787516212057148995","length":729},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxUnackedMessagesOnSubscription","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-748a404b","digest":{"function_hash":"38647649044174339551439528347052106796","length":736},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getInactiveTopicPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-789319fb","digest":{"function_hash":"70168789455491046869878601842545665522","length":725},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMaxProducers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-7dc53fa0","digest":{"function_hash":"155391959157679254476583276416168865288","length":945},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"file":"pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicPoliciesAuthZTest.java"},"id":"CVE-2024-28098-7e7b602b","digest":{"threshold":0.9,"line_hashes":["69723521510463482698357097606689767621","302251882312222559222769273135381328641","233273104411976683061684682165651951346","8874369604925821800638841946466169815","313500476828300607372937610396274303004"]},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/a76ddbe5af523b4aa541a2272c58f685ef05859f","signature_version":"v1","signature_type":"Line"},{"target":{"function":"removeSubscriptionDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-7f760baa","digest":{"function_hash":"10910920614832328375054099781257089322","length":886},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMessageTTL","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-8c15a864","digest":{"function_hash":"79852061579977403917684502533347777328","length":823},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-94a1893e","digest":{"function_hash":"153950057419566228592716894049765172652","length":1051},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeAutoSubscriptionCreation","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-9b38378d","digest":{"function_hash":"295062265075586152146904685471686871995","length":923},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-9b9882fd","digest":{"threshold":0.9,"line_hashes":["105402105926517994880103339957519827202","281375308604853349424548767397922541042","10246152605975127743545433532185586466","215317387132878654968604097026202041368","113976121108744602073610547771558652027","4109340725320259565481767942017596834","17414324153049251597857986238044736682","43408981361880693788379284171096113122","121481178549033226157889306891858053279","42231595221395771298310414871268782096","234093675979665992713483309428464129724","132149451454815909514249464410345485077","113976121108744602073610547771558652027","8672810395713925447243264379910992881","291668937698244251243056950576787625501","244918946101274870295686291521476087602","113976121108744602073610547771558652027","49432715993002008425943639227252761521","115227017597714427751575255697597337973","98690311903037262659278960909658605518","59919901190519896881284153596794825468","249074996340398875227816609689609718951","84323894737736895554805226300992879522","167952808158093682446215780151359456132","113976121108744602073610547771558652027","102044706353161930998154175039541824550","279900615150267913962493833391042516866","93085864157772943437457580254517404505","113976121108744602073610547771558652027","39552937364411140729221413434012010484","283003579130589499382389537077205080142","204219024256057607054910085855238715687","113976121108744602073610547771558652027","313832342709965493650027708362180941876","144793836938845298052101661123765230610","166481554056596077183339595272389344793","113976121108744602073610547771558652027","177547731890355559953438246420717755628","95552825674727300869219609581067355741","166646956508002774573874663508646880647","113976121108744602073610547771558652027","252648604298584427587276389744339888295","297090837792472335548048586199872374727","223290240476493137290674281886413319353","222983469386570171823197308797799000591","199499774128366057222145790355961999851","36297025376628399626477148878092825537","128607243813382928104358992445884344372","113976121108744602073610547771558652027","95318519190333732261267435690253313949","288886682087959730286469907277203365844","211977274832250346828251005039671605725","113976121108744602073610547771558652027","306305378349524035843100312377728741825","294074981876864145959089875930236023408","194488219594846569897795166618418734882","113976121108744602073610547771558652027","229581235195070438875718248200496538429","139289584686549694854699657012476836887","106993142753355837977306204954439830725","89160938355506686702415304874557064288","318590460830038988828591625815974400390","319075333816101368154260864045848557291","85026400954628458546243106459855255535","282270144899032588776897934317069653446","25959665529942363657938854614677977752","298015532548370201621484218289399260946","5499899475061112621339861728294223138","323299921582278226530769344715764705873","186753944423356839355138294551691282268","229650461867764442323567747926566275425","182441407721698681965103446596276291513","229333827333147334058235482089257446631","166746295126734076853071426941511079898","135064095714685336450892528791347958955","285148021636776316541690342343020245194","12117509740397803541189396250903048289","237337027637448930588970793412972945503","270007886107494078428848516916003711428","129086398374848112800748579591107707813","328681776218732106353375333142601033224","339875959753821081540982220182837835538","126730515556724765338149694898353737157","171834382146505309258890626141488685969","257916036102304179425835066960709536424","113976121108744602073610547771558652027","39552937364411140729221413434012010484","35827172755755147818954299713755306518","87690216830680429498467685365926488929","113976121108744602073610547771558652027","299559773083295262434936171532967259812","205837801133954253407449816625143034241","3958644650447009215826229053787337739","26521373153816039502200677993269704908","90463554613628236843831616671518360302","256886214111142862063163379992396583020","179038709069516471391916886214406087512","113976121108744602073610547771558652027","135928601540828932603672527221843058447","117900326642138310107053332380982777056","178935815413165204857142612307537364850","24002475676994316179935237631035614329","331144867860552053332931221023356217553","35936942015982923972102281030614021657","229179345490111895275446579839039977353","26521373153816039502200677993269704908","230714264421933158285521518118923916068","10969927287855801706919009597504462453","261387300303859069648926203062654287656","182441407721698681965103446596276291513","5599990383278299678141423067870600009","246043231192575568180581228204322761311","113976121108744602073610547771558652027","268109101578051967983917970723113734587","86877599052734741134509021397234427924","21991984244605432942428256532207213125","234408469795088959698248177731406221450","133778024907097486036776514920014070580","187359773228208336955256528322672500811","335259420017685109344862060577299507901","113976121108744602073610547771558652027","211977386962147487194752390081295454580","205511281119261739517024977585313031330","6564824494500108317179390553769332174","113976121108744602073610547771558652027","118055191083781801455404757013060595532","291640206137077418836358259080522037058","94644545360601089996208533629360761466","41966929306183447089419669355273004211","111619704393513685018340305241813460805","272775933200961870706088299586508342375","151095650335442354414517730203669718216","113976121108744602073610547771558652027","62457958657342172919583540491561084605","299197829429586500626054137728954531334","336972483569160488557284423544390454957","113976121108744602073610547771558652027","273076298003839573380175116233659764425","180877867350240451111348995861707951443","149328170071657004174085465085900852455","316443442259484141280565740261847223217","298073425534068714866588744418088895859","42685090779425318828602011939467702071","292345796081701316896855440251368455164","113976121108744602073610547771558652027","166203222323811929965288056887433222493","108122852849463936817079848456505049018","107277328812235472213722734798527531828","113976121108744602073610547771558652027","261705077778070477980953747226050176696","123883043919852081125878490971189822781","81424225990267225179126300738058412953","138688166008934884054579602557874699391","7866291657952959811251787810288414842","277942808323497603560592737662276019402","312465355125276608386032414613231380805","113976121108744602073610547771558652027","161491562256604257121497209284317398361","217376589053857242281562609099662244713","257708842827304090893287533170124843186","113976121108744602073610547771558652027","315197113761251978654452342024600132395","314884149554545891481985145883890911759","142892006899243865407062464248262805727","211521362521487800983792930338568908068","87174482303634314962791854503978681736","167988423827392429406890205677727798405","145645516053903130523382554305175325171","113976121108744602073610547771558652027","106257228326917645439495580172058102598","11711583386159590233817546831530832453","24733845926941019721652263470281911697","113976121108744602073610547771558652027","161678681304608791549196543713021483329","192456788835988168456431641152261227900","329123199524855027650411259332262789646","285193376308466190861676238600771475942","67737122316432024625373045709987852110","334608326057928554470815639920864043045","17202394386459461953000047874439430917","113976121108744602073610547771558652027","10634190395113280217431538248020899653","284527423004666333123485525980693383585","286262654946415597909886853434861196672","113976121108744602073610547771558652027","159947992325537172945433813751580657846","88427048994838117231153081213499924555","186606985809970761436620270429324257383","121715611374422187296050911529718855804","294098934967038552104008705088930871456","176376195025096353150229799434800504976","245046414628442093300563041399266056780","113976121108744602073610547771558652027","337848197415991805440498581214397400452","49167098794554031148111935029955390555","267949638122349871901467400206803728323","113976121108744602073610547771558652027","95208629431168155398298222587631458471","338768198233538382360490307009537470161","279451652909441952222836237757593825219","78709272866205817737607834033487451327","151815988783266705930125544508288777135","23562808867897822012602531971501887317","251507690532456454531769764028537239413","113976121108744602073610547771558652027","219357026877369533553973793854649318839","122222301901204467659886127049918781276","318363044194134044221498782450484472192","113976121108744602073610547771558652027","117276748962053543201404477068802971883","84068187781397562676011177336119665820","71909509408117815833355145825928324175","78709272866205817737607834033487451327","180358797254219948550431127976994694048","313594333276210429625229466842393723321","249849548370097168656103509714992385845","113976121108744602073610547771558652027","14725045224129978434712618252031034302","65394209315652198693505070032983632299","436637144478801903066570005196215560","113976121108744602073610547771558652027","140747398478435825963880526532033228866","273103919368681363284577651573418130523","243529526591050602041972625920147702973","295839458203848623350747752089016456368","232204554839044614313720036306628594975","40206501960680583286510832267591872302","305744497121913856570889581256700552775","113976121108744602073610547771558652027","311659516105657252949986201520509570317","12548212467773140078631683468445968567","217514354458137779879129467093766789301","113976121108744602073610547771558652027","6325995812813966046280382234541913509","42586277750132945780110250605683324925","156819661618615645532655678836111994872","156770768194975338815018184808633583968","80543531757321356376988257630718624445","45856454722561325241930472742429818791","224682888817577188489015207948834216936","113976121108744602073610547771558652027","178662376044711539938502584441497871472","108552947721501170868549810148438850461","235003543575280720692638136779360890884","113976121108744602073610547771558652027","137532269029899106266570526449182240072","265766310259264308620160446236689210267","7566469876958690981644631369431514684","11599818755965992004930755992292711364","173306222313215390216935757105623266680","276268270350428442316486177260919954765","205183647252344357833118252708270171104","113976121108744602073610547771558652027","289317538181326890676567833942942174004","268441254581011866354283294839579196036","148236694368293565782514622993589774158","113976121108744602073610547771558652027","56169276329197262067491239428496454992","72579639108810110709234767810735811735","285544728424193250290439030276965558070","263945837984388083996311261205917329482","27834534003595179918637489501919619809","308793467245390562438291127344920671168","116797371391294751030987685668877432856","113976121108744602073610547771558652027","124486846283365888992282474262234805740","76859872471739298068890015789546881598","93117424866273101830980748685942414533","113976121108744602073610547771558652027","98058646833549226912324331924120778348","75922681658378904929087670509908467532","110500632781627048379993029998034030017","109762024678516965312792558127482503361","174937398770909879456982288284636108943","61545741946239155484031968216434473739","152790943247125403572104395590551180700","109762024678516965312792558127482503361","315099767437125158730656952471767513517","3352589913996311798581134762601727883","299491690408570538231470741478452479999","300592227126018239937580324599112184208","28341041478477656918570689887762634000","196453287102479189480712412784491277613","144704820349658039340492436678342620108","81687184201767148309332617687968626328","289509243103891730785628552553787979237","293579536523101586539350344898941473172","128121713564463543142785913615717562644","227828461181925259014281942331437952391","259076889528228498840025208554310675882","256368524183164234842621126043804206388","265002156054724625492664879325429185272","26521373153816039502200677993269704908","202092424048066127798387153114541703519","213235777556718935852795978444254040085","267372318119980998919851650667944092080","113976121108744602073610547771558652027","51150239092257336432468098066359308285","115085072435289944939316525734128427942","220393412088676780540681191301649355092"]},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Line"},{"target":{"function":"setMaxMessageSize","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-a2d5aecc","digest":{"function_hash":"296001129545403599470403652940854671200","length":971},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setSubscriptionTypesEnabled","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-a7f33056","digest":{"function_hash":"107213121494585578371937998261052135039","length":1086},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removePublishRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-aa2cd1a3","digest":{"function_hash":"120412613223318078168141063341578754529","length":880},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"file":"pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/TopicPoliciesAuthZTest.java"},"id":"CVE-2024-28098-aa3a12d3","digest":{"threshold":0.9,"line_hashes":["255643079916472334821919878443949642982","338661719032176470535865706991852171457","65115614003686394290469848011192264465","204134238819951355655964282094891984475","127615561674651895533907115593489064272","75649013846579560128305864993973701315","58550991716644288618716721260338894056","50054664175600630025427036844523217704","60300691397125946863843520716225856559","159625620681359727281116733052689272560"]},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Line"},{"target":{"function":"removeMaxSubscriptionsPerTopic","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b2bff129","digest":{"function_hash":"271889928106418492862424471774845426985","length":866},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setOffloadPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b428d8a8","digest":{"function_hash":"166049027665114672786864596826128527156","length":782},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getReplicationClusters","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b5ec27ad","digest":{"function_hash":"282823957400767688433675042822476781387","length":849},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getSubscribeRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b90cfa7e","digest":{"function_hash":"72308735855583893511047246973759280639","length":717},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getBacklog","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b9240d21","digest":{"function_hash":"213058245864816755068469361823055472621","length":1107},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeMaxConsumers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-b9e3e569","digest":{"function_hash":"17935940895197853533637442768372392895","length":844},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setReplicatorDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-bcb761c0","digest":{"function_hash":"317850562884164906528735528372460316115","length":1007},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setDeduplication","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-be05bf06","digest":{"function_hash":"299681748126244565917131740428882492638","length":793},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getBacklogQuotaMap","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-be6ec057","digest":{"function_hash":"3118061205647979534398867552868563200","length":719},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getDelayedDeliveryPolicies","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-bfc198c7","digest":{"function_hash":"207004384016724329538446955796856132064","length":727},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setCompactionThreshold","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-c12f1bd1","digest":{"function_hash":"24542201321070175336885903747649759970","length":1072},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeSubscribeRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-c243830a","digest":{"function_hash":"332038635358675192307297056872646996002","length":962},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeMessageTTL","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-c2578289","digest":{"function_hash":"231250729307732891947760454872787458559","length":699},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxMessageSize","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-d27ad6f5","digest":{"function_hash":"81973401715235948271109608160485078251","length":756},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setAutoSubscriptionCreation","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-d61ca872","digest":{"function_hash":"225944360308910096578670308760574361549","length":682},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxSubscriptionsPerTopic","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-d8d347e3","digest":{"function_hash":"309232203643119718417952560764423155806","length":734},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setPersistence","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-dc475b6d","digest":{"function_hash":"229027641300281571040570905828522098823","length":1065},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"deleteMaxUnackedMessagesOnConsumer","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-de119309","digest":{"function_hash":"165148325776124143770361583298843923009","length":717},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getDeduplicationSnapshotInterval","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-de626fd5","digest":{"function_hash":"207755507532186812230850169357607487318","length":750},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getDeduplication","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-df687b3c","digest":{"function_hash":"117481416245404528441253194491150919519","length":717},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setMaxConsumers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-e28cce14","digest":{"function_hash":"199677949733634217031719718472650723674","length":945},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setSubscriptionDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-e48cf6a5","digest":{"function_hash":"133164912539190427369459324560575975002","length":1097},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"removeMaxMessageSize","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-ea2fc222","digest":{"function_hash":"108289117158254328187210264968412326686","length":856},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getMaxConsumers","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-ea92656c","digest":{"function_hash":"43965519042377833561836740298968364033","length":716},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getPersistence","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-f5031213","digest":{"function_hash":"48696995088823263946977357411705974484","length":715},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getSubscriptionDispatchRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-f7f0e034","digest":{"function_hash":"118369865377347796660956881164393578925","length":728},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"getCompactionThreshold","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-fb5f6392","digest":{"function_hash":"48099532275599164552137710457646998821","length":723},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"},{"target":{"function":"setSubscribeRate","file":"pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/PersistentTopics.java"},"id":"CVE-2024-28098-fd144fe3","digest":{"function_hash":"12510819008764859912978852119283084738","length":1075},"deprecated":false,"source":"https://github.com/apache/pulsar/commit/dcaf508f8e381107125e98722f4ddab76f9303ad","signature_version":"v1","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28098.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}