QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12399

Published: Jan 14, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

Vendor	Product	Versions
Apache	Kafka	affected `Apache Kafka 2.0.0` affected `2.0.1` affected `2.1.0` affected `2.1.1` affected `2.2.0` +2 more versions

References

[kafka-users] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint

mailing-list

x_refsource_MLIST

[oss-security] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint

mailing-list

x_refsource_MLIST

[announce] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint

mailing-list

x_refsource_MLIST

[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint

mailing-list

x_refsource_MLIST

[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)

mailing-list

x_refsource_MLIST

[druid-commits] 20200126 [GitHub] [druid] clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200126 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] ccaominh opened a new pull request #9261: Address CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9261: Address CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] ccaominh closed pull request #9261: Address CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9261: Address CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200127 [GitHub] [druid] jihoonson merged pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399

mailing-list

x_refsource_MLIST

[druid-commits] 20200406 [GitHub] [druid] ccaominh commented on issue #9579: Add Apache Ranger Authorization

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

[kafka-commits] 20210921 [kafka-site] branch asf-site updated: Add CVE-2021-38153 (#375)

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.