cve-list.html

<!--#include virtual="includes/_header.htm" -->
<!--#include virtual="includes/_top.htm" -->
<div class="content">
	<!--#include virtual="includes/_nav.htm" -->
	<div class="right">

<h1>Apache Kafka Security Vulnerabilities</h1>

This page lists all security vulnerabilities fixed in released versions of Apache Kafka.

<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288">CVE-2018-1288</a>
Authenticated Kafka clients may interfere with data replication</h2>

<p>Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request
interfering with data replication, resulting in data loss.</p>

<table class="data-table">
<tbody>
  <tr>
    <td>Versions affected</td>
    <td>0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, 1.0.0</td>
  </tr>
  <tr>
    <td>Fixed versions</td>
    <td>0.10.2.2, 0.11.0.3, 1.0.1, 1.1.0</td>
  </tr>
  <tr>
    <td>Impact</td>
    <td>This issue could potentially lead to data loss.</td>
  </tr>
  <tr>
    <td>Issue announced</td>
    <td>26 July 2018</td>
  </tr>
</tbody>
</table>


<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12610">CVE-2017-12610</a>
Authenticated Kafka clients may impersonate other users</h2>

<p>Authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM
authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.</p>

<table class="data-table">
<tbody>
  <tr>
    <td>Versions affected</td>
    <td>0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.1</td>
  </tr>
  <tr>
    <td>Fixed versions</td>
    <td>0.10.2.2, 0.11.0.2, 1.0.0</td>
  </tr>
  <tr>
    <td>Impact</td>
    <td>This issue could result in privilege escalation.</td>
  </tr>
  <tr>
    <td>Issue announced</td>
    <td>26 July 2018</td>
  </tr>
</tbody>
</table>


<!--#include virtual="includes/_footer.htm" -->