CVSS3: 5.9 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:N/A:N

Apache Kafka is an open source distributed streaming platform developed by the Apache Software Foundation in the United States. It provides access to real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability exists in some versions of Apache Kafka. The vulnerability is primarily due to Kafka's use of the Arrays.equals method to compare keys or passwords during authentication. Attackers can use this to brute-force the credentials of users who authenticate in this way, thereby gaining access to credentials and elevating system privileges.

CPE

Name | Operator | Version |
---|---|---|
Apache Kafka | eq | 2.8.0 |
Apache Kafka | lt | 2.6.3 (>=2.0.0) |
Apache Kafka | lt | 2.7.2 (>=2.7.0) |