PT-2018-11446 · Apache · Apache Kafka

Published: 2018-07-26 · Updated: 2024-06-15 · CVE-2018-1288

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Kafka versions 0.9.0.0 through 0.9.0.1
Apache Kafka versions 0.10.0.0 through 0.10.2.1
Apache Kafka versions 0.11.0.0 through 0.11.0.2
Apache Kafka version 1.0.0

Description

The issue allows authenticated Kafka users to perform actions reserved for the Broker by creating a manual fetch request, which can interfere with data replication and result in data loss.

Recommendations

For Apache Kafka versions 0.9.0.0 through 0.9.0.1, update to a version outside of this range to resolve the issue.
For Apache Kafka versions 0.10.0.0 through 0.10.2.1, update to a version outside of this range to resolve the issue.
For Apache Kafka versions 0.11.0.0 through 0.11.0.2, update to a version outside of this range to resolve the issue.
For Apache Kafka version 1.0.0, update to a newer version to resolve the issue.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2018-1288
GHSA-GH27-38P5-MRXC
OPENSUSE-SU-2024:10886-1
SUSE-SU-2018:2536-1
SUSE-SU-2018:3563-1

Affected Products

Apache Kafka