Raihanadiarba

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.

**Name of the Vulnerable Software and Affected Versions** Octopus Server (affected versions not specified) **Description** A user with limited privileges could manipulate an API request to modify the signing key expiration and revocation time frames. This was possible due to incorrect permission validation on an API endpoint. It was not possible to expose the signing keys using this issue. The affected API endpoint allowed modification of signing key settings. The vulnerable action involved manipulating an API request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.