Data Replication Vulnerability in Apache Kafka by Confluent
CVE-2018-1288

5.4MEDIUM

Key Information:

Vendor

Apache
Status
Apache Kafka
Vendor
CVE Published:
26 July 2018

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2018-1288?

In certain versions of Apache Kafka, an authentication flaw allows authenticated users to issue commands typically reserved for the Broker. This vulnerability can lead to unauthorized interference with data replication processes, potentially resulting in data loss and inconsistencies within the system. Proper security measures and version updates are recommended to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Kafka 0.9.0.0 to 0.9.0.1

Apache Kafka 0.10.0.0 to 0.10.2.1

Apache Kafka 0.11.0.0 to 0.11.0.2

References

https://lists.apache.org/thread.html/29f61337323f48c47d4b...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/104900
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:3768
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.