CVE-2017-12610

6.8MEDIUM

Key Information:

Vendor: Apache
Status: Apache Kafka
Vendor: CVE Published:; 26 July 2018

Summary

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

Affected Version(s)

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.1

References

https://lists.apache.org/thread.html/b6157be1a09df3322942...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/104899

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Aug 7, 2017

.