PT-2024-27064 · Unknown · Strimzi Project

Published: 2024-06-17 · Updated: 2024-07-03 · CVE-2024-36543

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: STRIMZI Project versions 0.41.0 and earlier

Description: The issue is caused by incorrect access control in the Kafka Connect REST API, which can be exploited to deny service to Kafka mirroring. An attacker can potentially mirror the content of topics to their own Kafka cluster via a malicious connector, bypassing any Kafka ACLs that are in place. There is also a risk that Kafka SASL credentials can be stolen by querying the MirrorMaker Kafka REST API.

Recommendations: For STRIMZI Project versions 0.41.0 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2024-36543, GHSA-Q2XX-F8R3-9MG5

Affected Products: Strimzi Project