Back to search
CVE-2018-17196
Published: Jul 11, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
| Vendor | Product | Versions |
|---|---|---|
Apache | Kafka | affected 0.11.0.0 to 2.1.0 |
References
109139
vdb-entry
x_refsource_BID
[kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)
mailing-list
x_refsource_MLIST
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
mailing-list
x_refsource_MLIST
[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)
mailing-list
x_refsource_MLIST
[druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now