GHSA-q2xx-f8r3-9mg5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q2xx-f8r3-9mg5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-q2xx-f8r3-9mg5/GHSA-q2xx-f8r3-9mg5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q2xx-f8r3-9mg5
- Aliases
-
- CVE-2024-36543
- Published
- 2024-06-17T21:31:10Z
- Modified
- 2024-07-05T18:07:52.883151Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- STRIMZI incorrect access control
- Details
-
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2024-06-18T16:34:17Z", "nvd_published_at": "2024-06-17T19:15:58Z", "severity": "HIGH", "cwe_ids": [ "CWE-306", "CWE-400" ] }- References
Affected packages
Maven / io.strimzi:strimzi
Package
- Name
- io.strimzi:strimzi
- View open source insights on deps.dev
- Purl
- pkg:maven/io.strimzi/strimzi
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.41.0
Affected versions
0.*
0.9.0
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.11.4
0.12.0
0.12.1
0.12.2
0.13.0
0.14.0
0.15.0
0.16.0
0.16.1
0.16.2
0.17.0
0.18.0
0.19.0
0.20.0
0.20.1
0.21.0
0.21.1
0.22.0
0.22.1
0.23.0
0.24.0
0.25.0
0.26.0
0.26.1
0.27.0
0.27.1
0.28.0
0.29.0
0.30.0
0.31.0
0.31.1
0.32.0
0.33.0
0.33.1
0.33.2
0.34.0
0.35.0
0.35.1
0.36.0
0.36.1
0.37.0
0.38.0
0.39.0
0.40.0
0.41.0