Description
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | kafka | Not affected | | |
| Red Hat JBoss Fuse 6 | kafka | Will not fix | | |
| Red Hat Mobile Application Platform 4 | kafka | Not affected | | |
| Red Hat OpenShift Application Runtimes | kafka | Not affected | | |
Additional information
Status:
Moderate
Defect:
CWE-290
https://bugzilla.redhat.com/show_bug.cgi?id=1611049 kafka: Clients authenticated with SASL/PLAIN or SASL/SCRAM can impersonate other users
5.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.8
nvd
more than 7 years ago
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
CVSS3: 6.8
debian
more than 7 years ago
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authent ...
5.4 Medium
CVSS3