PT-2018-11446 · Apache · Apache Kafka
Published: 2018-07-26 · Updated: 2024-06-15 · CVE-2018-1288
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache Kafka versions 0.9.0.0 through 0.9.0.1
Apache Kafka versions 0.10.0.0 through 0.10.2.1
Apache Kafka versions 0.11.0.0 through 0.11.0.2
Apache Kafka version 1.0.0
Description
The issue allows authenticated Kafka users to perform actions reserved for the Broker by manually crafting a fetch request. This can interfere with data replication and result in data loss.
Recommendations
For Apache Kafka versions 0.9.0.0 through 0.9.0.1, update to a version outside of this range to resolve the issue.
For Apache Kafka versions 0.10.0.0 through 0.10.2.1, update to a version outside of this range to resolve the issue.
For Apache Kafka versions 0.11.0.0 through 0.11.0.2, update to a version outside of this range to resolve the issue.
For Apache Kafka version 1.0.0, update to a newer version to resolve the issue.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Apache Kafka