exploitDog

CVE-2018-17196

Published: 11 Jul 2019
Source: debian
EPSS: Low

Description

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

Packages

Package | Status | Fixed version | Release | Type
kafka | itp | | | package

EPSS

Percentile: 59%
0.00381
Low

Related vulnerabilities

CVSS3: 8.8
redhat
more than 6 years ago

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

CVSS3: 8.8
nvd
more than 6 years ago

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

CVSS3: 8.8
github
more than 3 years ago

Improper Input Validation in Apache Kafka

CVSS3: 8.8
fstec
more than 6 years ago

Vulnerability in the Apache Kafka message broker related to access control flaws, allowing an attacker to bypass security restrictions
