Data Replication Vulnerability in Apache Kafka by Confluent
CVE-2018-1288

5.4MEDIUM

Key Information:

Vendor
Apache
Status
Apache Kafka
Vendor
CVE Published:
26 July 2018

Badges

👾 Exploit Exists

Summary

In certain versions of Apache Kafka, an authentication flaw allows authenticated users to issue commands typically reserved for the Broker. This vulnerability can lead to unauthorized interference with data replication processes, potentially resulting in data loss and inconsistencies within the system. Proper security measures and version updates are recommended to mitigate these risks.

Affected Version(s)

Apache Kafka 0.9.0.0 to 0.9.0.1

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.2

References

https://lists.apache.org/thread.html/29f61337323f48c47d4b...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/104900
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:3768
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.