CVE-2018-17196 – org.apache.kafka:kafka

Package

Manager: maven
Name: org.apache.kafka:kafka
Vulnerable Version: >=0.11.0.0 <2.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00187 pctl0.40746

Details

Improper Input Validation in Apache Kafka In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

Metadata

Created: 2022-05-24T16:50:01Z
Modified: 2022-06-29T19:04:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47w3-66wq-cpxg/GHSA-47w3-66wq-cpxg.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-47w3-66wq-cpxg
Finding: F184
Auto approve: 1