Data Replication Vulnerability in Apache Kafka by Confluent
CVE-2018-1288

5.4MEDIUM

Key Information:

Vendor: Apache
Status: Apache Kafka
Vendor: CVE Published:; 26 July 2018

🔔 Create Apache Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-1288?

In certain versions of Apache Kafka, an authentication flaw allows authenticated users to issue commands typically reserved for the Broker. This vulnerability can lead to unauthorized interference with data replication processes, potentially resulting in data loss and inconsistencies within the system. Proper security measures and version updates are recommended to mitigate these risks.

Affected Version(s)

Apache Kafka 0.9.0.0 to 0.9.0.1

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.2

References

https://lists.apache.org/thread.html/29f61337323f48c47d4b...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/104900

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2018:3768

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 20, 2020
👾
Exploit known to exist
Feb 20, 2020
Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Dec 7, 2017

.