exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2019-12399

около 6 лет назад

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

CVSS3: 7.5

EPSS: Низкий

CVE-2019-12399

около 6 лет назад

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

CVSS3: 7.5

EPSS: Низкий

CVE-2019-12399

около 6 лет назад

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0 ...

CVSS3: 7.5

EPSS: Низкий

GHSA-6jmf-mxwf-r3jc

больше 5 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka

CVSS3: 7.5

EPSS: Низкий

BDU:2021-01001

около 6 лет назад

Уязвимость компонента Connect workers диспетчера сообщений Apache Kafka, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-12399 When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.	CVSS3: 7.5	2% Низкий	около 6 лет назад
CVE-2019-12399 When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.	CVSS3: 7.5	2% Низкий	около 6 лет назад
CVE-2019-12399 When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0 ...	CVSS3: 7.5	2% Низкий	около 6 лет назад
GHSA-6jmf-mxwf-r3jc Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka	CVSS3: 7.5	2% Низкий	больше 5 лет назад
BDU:2021-01001 Уязвимость компонента Connect workers диспетчера сообщений Apache Kafka, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 7.5	2% Низкий	около 6 лет назад

Уязвимостей на страницу