Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
CVE-2023-25194
Key Information:
- Vendor: Apache
- CVE Published: 7 February 2023
What is CVE-2023-25194?
A security vulnerability exists in the Apache Kafka Connect API that allows authenticated operators to manipulate connector configurations and introduce malicious JAAS settings. By exploiting this flaw, an attacker can make the Kafka Connect infrastructure connect to an LDAP server under their control, which can lead to remote code execution via deserialization. The vulnerability affects configurations starting from Apache Kafka Connect 2.3.0 and makes thorough validation of connector settings necessary. Users are urged to use the security properties available in newer versions and to enforce strict controls over connector configurations to mitigate the associated risks.
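As an added example (not code from this page or from the Kafka project), the following Python audit flags connector configurations whose JAAS settings name a login module that Kafka 3.4.0 disallows by default through the `org.apache.kafka.disallowed.login.modules` system property. The connector names and configs are constructed, and the audit assumes configs in the shape returned by the Connect REST API's `GET /connectors/{name}/config`.

```python
import re
from typing import Dict, List

# Login modules that Kafka 3.4.0 disallows by default via the
# org.apache.kafka.disallowed.login.modules system property; older
# workers have no such check, so this list is applied here instead.
DISALLOWED_LOGIN_MODULES = {
    "com.sun.security.auth.module.JndiLoginModule",
}

# Keys whose values are JAAS configuration strings: the bare key lives in
# worker properties, while connectors (since Kafka 2.3.0) may override the
# clients they create with the producer./consumer./admin.override. prefixes.
JAAS_KEY_RE = re.compile(
    r"^(?:(?:producer|consumer|admin)\.override\.)?sasl\.jaas\.config$"
)

# A JAAS entry is "<login module class> <control flag> [options];" and
# several entries may be stacked, so every module class is collected.
LOGIN_MODULE_RE = re.compile(
    r"([A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)+)\s+"
    r"(?:required|requisite|sufficient|optional)\b",
    re.IGNORECASE,
)


def find_disallowed_login_modules(config: Dict[str, str],
                                  disallowed=DISALLOWED_LOGIN_MODULES) -> List[str]:
    """Return 'key -> module' for each JAAS setting naming a disallowed module."""
    findings = []
    for key, value in config.items():
        if not JAAS_KEY_RE.match(key):
            continue
        for module in LOGIN_MODULE_RE.findall(str(value)):
            if module in disallowed:
                findings.append(f"{key} -> {module}")
    return findings


def audit_connectors(connectors: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Audit a name -> config mapping and return only the offending connectors."""
    report = {}
    for name, cfg in connectors.items():
        findings = find_disallowed_login_modules(cfg)
        if findings:
            report[name] = findings
    return report


# Constructed sample connector configs (hypothetical, not real deployments).
SAMPLE_CONNECTORS = {
    "orders-sink": {
        "connector.class": "FileStreamSink",
        "producer.override.sasl.jaas.config":
            'org.apache.kafka.common.security.plain.PlainLoginModule required '
            'username="svc" password="placeholder";',
    },
    "suspicious-source": {
        "connector.class": "FileStreamSource",
        "consumer.override.sasl.jaas.config":
            "com.sun.security.auth.module.JndiLoginModule required;",
    },
}

if __name__ == "__main__":
    for name, findings in audit_connectors(SAMPLE_CONNECTORS).items():
        print(name, findings)
```

The same check can run over a live worker by feeding it the JSON of each connector's config endpoint; an empty report means no disallowed login module is referenced.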
Affected Version(s)
Apache Kafka Connect API from 2.3.0 before 3.4.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
94% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
