User Impersonation Vulnerability in Apache Kafka by Confluent
CVE-2017-12610

6.8MEDIUM

Key Information:

Vendor

Apache
Status
Apache Kafka
Vendor
CVE Published:
26 July 2018

What is CVE-2017-12610?

In Apache Kafka versions 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients can exploit a vulnerability that allows them to impersonate other users. This can be achieved through the manipulation of protocol messages while utilizing either SASL/PLAIN or SASL/SCRAM authentication methods. This impersonation risk poses significant threats to the security and integrity of data handled by Kafka, making it essential for users to implement security measures and updates to safeguard against potential exploitation.

Affected Version(s)

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.1

References

https://lists.apache.org/thread.html/b6157be1a09df3322942...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/104899
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.