| <!--#include virtual="includes/_header.htm" --> |
| <!--#include virtual="includes/_top.htm" --> |
| <div class="content"> |
| <!--#include virtual="includes/_nav.htm" --> |
| <div class="right"> |
| |
| <h1>Apache Kafka Security Vulnerabilities</h1> |
| |
| This page lists all security vulnerabilities fixed in released versions of Apache Kafka. |
| |
| <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288">CVE-2018-1288</a> |
| Authenticated Kafka clients may interfere with data replication</h2> |
| |
| <p>Authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, |
| interfering with data replication and resulting in data loss.</p> |
| |
| <table class="data-table"> |
| <tbody> |
| <tr> |
| <td>Versions affected</td> |
| <td>0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, 1.0.0</td> |
| </tr> |
| <tr> |
| <td>Fixed versions</td> |
| <td>0.10.2.2, 0.11.0.3, 1.0.1, 1.1.0</td> |
| </tr> |
| <tr> |
| <td>Impact</td> |
| <td>This issue could potentially lead to data loss.</td> |
| </tr> |
| <tr> |
| <td>Issue announced</td> |
| <td>26 July 2018</td> |
| </tr> |
| </tbody> |
| </table> |
| |
| |
| <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12610">CVE-2017-12610</a> |
| Authenticated Kafka clients may impersonate other users</h2> |
| |
| <p>Authenticated Kafka clients may impersonate other users via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM |
| authentication when the built-in PLAIN or SCRAM server implementations in Apache Kafka are used.</p> |
| |
| <table class="data-table"> |
| <tbody> |
| <tr> |
| <td>Versions affected</td> |
| <td>0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.1</td> |
| </tr> |
| <tr> |
| <td>Fixed versions</td> |
| <td>0.10.2.2, 0.11.0.2, 1.0.0</td> |
| </tr> |
| <tr> |
| <td>Impact</td> |
| <td>This issue could result in privilege escalation.</td> |
| </tr> |
| <tr> |
| <td>Issue announced</td> |
| <td>26 July 2018</td> |
| </tr> |
| </tbody> |
| </table> |
| |
| |
| <!--#include virtual="includes/_footer.htm" --> |