Lucene search
K

19 matches found

Nuclei
Nuclei
added 6 days ago10 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7.2AI score0.62368EPSS
Exploits2References2
OSV
OSV
added 2026/04/22 8:40 a.m.3 views

BIT-KAFKA-2026-33557 Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...

9.1CVSS5.7AI score0.00581EPSS
Exploits0References7
OSV
OSV
added 2026/04/20 3:31 p.m.7 views

GHSA-28JG-CGG7-J4WC Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation

A security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. An attacke...

9.1CVSS5.4AI score0.00581EPSS
Exploits0References6
CVE
CVE
added 2026/04/20 1:28 p.m.51 views

CVE-2026-33557

CVE-2026-33557 affects Apache Kafka where the broker’s default oauthbearer JWT validator (DefaultJwtValidator) accepts any JWT without validating signature, issuer, or audience. An attacker can generate a token from any issuer with a chosen preferred_username, and the broker will accept it. Techn...

9.1CVSS5.7AI score0.00581EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.5 views

PT-2026-33644

Name of the Vulnerable Software and Affected Versions Apache Kafka versions prior to 3.9.2 Apache Kafka versions prior to 4.0.1 Description The NetworkClient component outputs complete request and response information when the log level is set to DEBUG. While the default log level is INFO, enabli...

8.7CVSS5.2AI score0.01125EPSS
Exploits0References76
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.11 views

PT-2026-33633

Name of the Vulnerable Software and Affected Versions Apache Kafka versions 4.1.0 through 4.1.1 Description An issue exists in the OAUTHBEARER authentication mechanism where the broker property sasl.oauthbearer.jwt.validator.class defaults to...

9.1CVSS5.7AI score0.00581EPSS
Exploits0References22
VulnCheck KEV
VulnCheck KEV
added 2026/04/08 12:0 a.m.77 views

VulnCheck KEV: CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

7.5CVSS5.9AI score0.62368EPSS
In wildExploits2References2
Hacker One
Hacker One
added 2026/03/10 7:43 a.m.21 views

curl: Connection Reuse Ignores OAuth Bearer Token Mismatch

Summary: The connection pool reuse function urlmatchconn in lib/url.c checks oauthbearer in its credential match block — but only for protocols marked as requiring per-connection credentials. For HTTP, OAuth bearer is passed as a header, not a protocol-level credential. If a libcurl application...

8.1CVSS6.6AI score0.01914EPSS
Exploits1
Hacker One
Hacker One
added 2026/03/04 12:47 p.m.13 views

curl: In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.

Summary: This vulnerability arises because curl fails to validate the contents of the username when constructing OAuth2 authentication messages. Depending on the server-side implementation, this could lead to log tampering or credential spoofing. Affected version curl 8.18.0...

5.8AI score
Exploits0
OSV
OSV
added 2026/02/06 6:52 p.m.7 views

GHSA-VF6J-C56P-CQ58 MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches fix applied in 0.1.10 Workarounds Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

8.7CVSS5.3AI score0.00409EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004930)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004930 advisory. When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP...

5.3CVSS5.6AI score0.00611EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/18 11:20 a.m.3 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.9AI score0.00611EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/12/16 11:13 p.m.4 views

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...

7.5CVSS7.4AI score0.62368EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 9:21 a.m.4 views

Security Bulletin:IBM Event Streams is vulnerable to Remote Code Execution and Server-Side Request Forgery (CVE-2025-27818, CVE-2025-27817)

Summary IBM Event Streams is vulnerable to remote code execution via unsafe deserialization in Kafka Connect configurations, and another enabling server-side request forgery and arbitrary file read through misconfigured OAuthBearer endpoints in Kafka Clients. Vulnerability Details...

8.8CVSS7.9AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/11 8:52 a.m.11 views

Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data

Summary A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery SSRF through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...

8.8CVSS6.8AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 11:1 a.m.7 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)

Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application CVE-2025-27817,CVE-2025-27818 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...

8.8CVSS7.3AI score0.62368EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2025/06/30 1:16 p.m.27 views

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...

7.5CVSS7.2AI score0.62368EPSS
Exploits2References5
NVD
NVD
added 2022/06/15 7:15 p.m.36 views

CVE-2022-31069

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...

7.5CVSS0.00603EPSS
Exploits0References2
OSV
OSV
added 2022/06/15 7:0 p.m.21 views

CVE-2022-31069 Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...

5.8CVSS7.4AI score0.00603EPSS
Exploits0References4
Rows per page
Query Builder