Description
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | kafka | Not affected | | |
| Red Hat Mobile Application Platform 4 | kafka | Not affected | | |
| Red Hat OpenShift Application Runtimes | kafka | Will not fix | | |
| Red Hat Fuse 7.2 | kafka | Fixed | RHSA-2018:3768 | 04.12.2018 |
Additional information
Status:
Moderate
Defect:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1611059 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
5.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.4
nvd
more than 7 years ago
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
CVSS3: 5.4
debian
more than 7 years ago
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to ...
CVSS3: 5.4
github
more than 3 years ago
Improper Control of Generation of Code in Apache Kafka