CVE-2018-1288

5.4MEDIUM

Key Information:

Vendor: Apache
Status: Apache Kafka
Vendor: CVE Published:; 26 July 2018

Badges

👾 Exploit Exists

Summary

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Affected Version(s)

Apache Kafka 0.9.0.0 to 0.9.0.1

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.2

References

https://lists.apache.org/thread.html/29f61337323f48c47d4b...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/104900

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2018:3768

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 20, 2020
👾
Exploit known to exist
Feb 20, 2020
Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Dec 7, 2017

.