CVE-2018-17196
- EPSS 0.25%
- Published 11.07.2019 21:15:09
- Last modified 21.11.2024 03:54:04
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploi...
CVE-2017-12610
- EPSS 0.29%
- Published 26.07.2018 14:29:00
- Last modified 21.11.2024 03:09:53
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implem...
CVE-2018-1288
- EPSS 0.67%
- Published 26.07.2018 14:29:00
- Last modified 21.11.2024 03:59:33
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data ...