CVE-2018-1288 – org.apache.kafka:kafka
Package
Manager: maven
Name: org.apache.kafka:kafka
Vulnerable Version: >=0.9.0.0 <0.10.2.2 || >=0.11.0.0 <0.11.0.3 || =1.0.0 || >=1.0.0 <1.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00932 (percentile: 0.75246)
Details
Improper Control of Generation of Code in Apache Kafka
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform an action reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss.
Metadata
Created: 2022-05-13T01:02:18Z
Modified: 2022-06-29T22:43:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gh27-38p5-mrxc/GHSA-gh27-38p5-mrxc.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-gh27-38p5-mrxc
Finding: F184
Auto approve: 1