Karapace · Karapace · CVE-2025-61673
**Name of the Vulnerable Software and Affected Versions**
Karapace versions 5.0.0 through 5.0.1
**Description**
Karapace, an open-source implementation of Kafka REST and Schema Registry, has an issue where authentication checks are bypassed when OAuth 2.0 Bearer Token authentication is enabled. Specifically, if a request does not include an 'Authorization' header, the token validation process is skipped. This allows unauthorized access to Schema Registry endpoints that should require authentication, effectively disabling the OAuth authentication mechanism.
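The flaw described above is a fail-open authentication check: the validator only runs when an `Authorization` header is present, so an absent header is never rejected. The following Python example is added here to illustrate that pattern next to its fail-closed fix; it is a constructed illustration, not Karapace's own code, and does not reproduce Karapace's internals. The token check (a single accepted value in an allow-list) and the `/subjects` handler are stand-ins for real OAuth 2.0 Bearer validation (signature, issuer, audience, expiry) and for the registry endpoints.

```python
"""Constructed illustration of the missing-header authentication bypass class
described in CVE-2025-61673 (Karapace 5.0.0 through 5.0.1). Not Karapace code.
The allow-list below stands in for real OAuth 2.0 Bearer token validation."""

from typing import Callable, Mapping, Optional

# Constructed stand-in for real token validation: one accepted token value.
_VALID_TOKENS = {"good-token"}


class AuthError(Exception):
    """Raised when a request must be rejected with HTTP 401."""


def _get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive;
    real frameworks supply such a map, a plain dict does not)."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def _validate_bearer(header_value: str) -> str:
    """Parse 'Authorization: Bearer <token>' and validate the token.
    Returns the accepted token on success, raises AuthError otherwise."""
    scheme, _, token = header_value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        raise AuthError("malformed Authorization header")
    if token not in _VALID_TOKENS:
        raise AuthError("invalid token")
    return token


def authenticate_vulnerable(headers: Mapping[str, str], oauth_enabled: bool = True) -> Optional[str]:
    """Fail-open pattern: validation runs only when the header is present.
    A request with no Authorization header falls through as if authenticated."""
    if not oauth_enabled:
        return None
    header = _get_header(headers, "Authorization")
    if header is not None:  # BUG: an absent header skips validation entirely
        return _validate_bearer(header)
    return None             # treated as authenticated; this is the bypass


def authenticate_fixed(headers: Mapping[str, str], oauth_enabled: bool = True) -> Optional[str]:
    """Fail-closed pattern: with OAuth enabled, a missing header is a 401.
    Only an explicitly disabled auth mode admits anonymous requests."""
    if not oauth_enabled:
        return None
    header = _get_header(headers, "Authorization")
    if header is None:
        raise AuthError("missing Authorization header")
    return _validate_bearer(header)


def handle_subjects(headers: Mapping[str, str],
                    authenticate: Callable[[Mapping[str, str]], Optional[str]]):
    """Toy protected endpoint (think GET /subjects). Returns (status, body)."""
    try:
        authenticate(headers)
    except AuthError as exc:
        return 401, {"error": str(exc)}
    return 200, {"subjects": ["example-subject"]}  # constructed response body


if __name__ == "__main__":
    requests = ({}, {"Authorization": "Bearer wrong"}, {"authorization": "Bearer good-token"})
    for name, fn in (("vulnerable", authenticate_vulnerable), ("fixed", authenticate_fixed)):
        print(name, [handle_subjects(h, fn)[0] for h in requests])
```

Running the block prints `vulnerable [200, 401, 200]` and `fixed [401, 401, 200]`: the vulnerable check rejects a wrong token but admits a request that carries no token at all, which is exactly the condition the advisory describes. The design point for reviewers of any auth middleware is that the "no credential" branch must be an explicit deny whenever the auth mode is enabled, and that the only path to anonymous access should be a deliberate configuration choice, never an omitted header.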
**Recommendations**
Update to version 5.0.2 or later.