[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2018-1288: Authenticated Kafka clients may interfere with data replication
From: Rajini Sivaram <rajinisivaram () gmail ! com>
Date: 2018-07-26 9:25:22
Message-ID: CAOJcB3_j1XqXK3TnJaqZrga0d13=taYOVoG9cGG0og5Zf+=L5w () mail ! gmail ! com
[Download RAW message or body]
CVE-2018-1288: Authenticated Kafka clients may interfere with data
replication
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to
0.11.0.2, 1.0.0
Description:
Authenticated Kafka users may perform action reserved for the Broker via a
manually created fetch request interfering with data replication, resulting
in data loss.
Mitigation:
Apache Kafka users should upgrade to one of the following versions where
this vulnerability has been fixed.
- 0.10.2.2 or higher
- 0.11.0.3 or higher
- 1.0.1 or higher
- 1.1.0 or higher
Acknowledgements:
We would like to thank Edoardo Comar and Mickael Maison for reporting this
issue and providing a resolution.
Regards,
Rajini
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic