MINOR: Update CVE-2023-25194 details
diff --git a/cve-list.html b/cve-list.html
index 01f6cc1..3d90e0f 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -9,9 +9,9 @@
This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
- <h2 id="CVE-2023-25194"><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194">CVE-2023-25194</a> Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect </h2>
+ <h2 id="CVE-2023-25194"><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194">CVE-2023-25194</a> Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Apache Kafka Connect API </h2>
- <p>A possible security vulnerability has been identified in Apache Kafka Connect.
+ <p>A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. This will allow to perform JNDI requests
that result in Denial of service/remote code execution.
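Review bot: In the heading and the opening <p> sentence, "Apache Kafka Connect API" now reads as the name of the affected component, but the unchanged sentences that follow still refer to "a Kafka Connect worker" and "Kafka Connect clusters", so the paragraph uses two names for what appears to be the same thing. A reader can also take "Connect API" to mean the interface through which connectors are created or modified, rather than the connect-api and connect-runtime artifacts that the table hunk links to. Consider stating once which artifacts are meant and keeping "Kafka Connect" for the running worker. The heading keeps id="CVE-2023-25194", so existing anchors to this entry are unaffected.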
@@ -21,11 +21,11 @@
<tbody>
<tr>
<td>Versions affected</td>
- <td>2.3.0 - 3.3.2</td>
+ <td>Apache Kafka Connect API (<a href="https://mvnrepository.com/artifact/org.apache.kafka/connect-api">connect-api</a>,<a href="https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime">connect-runtime</a>) : 2.3.0 - 3.3.2</td>
</tr>
<tr>
<td>Fixed versions</td>
- <td>3.4.0</td>
+ <td>Apache Kafka Connect API (<a href="https://mvnrepository.com/artifact/org.apache.kafka/connect-api">connect-api</a>,<a href="https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime">connect-runtime</a>) : 3.4.0</td>
</tr>
<tr>
<td>Impact</td>
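Review bot: In both changed <td> cells the label "Apache Kafka Connect API" is followed by two artifacts, connect-api and connect-runtime, which presents connect-runtime as part of the "API"; a neutral label such as "Apache Kafka Connect" with the artifact list in parentheses would match the links better. Two markup details in the same cells: there is no space after the comma between the two <a> elements ("connect-api</a>,<a href=..."), and there is a stray space before the colon (") : 2.3.0 - 3.3.2" and ") : 3.4.0"). The identical label and link pair is repeated in the "Versions affected" and "Fixed versions" rows, so the version numbers, which are what readers scan for, now sit at the end of a long cell; putting the version first or moving the artifact links to a row of their own would keep them easy to find.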