CVE-2018-17196

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-17196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-17196
Aliases
Published
2019-07-11T21:15:09Z
Modified
2024-05-29T23:34:56Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

References

Affected packages

Git / github.com/apache/kafka

Affected ranges

Type
GIT
Repo
https://github.com/apache/kafka
Events