19 matches found
Apache Kafka Client - Arbitrary File Read
Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...
BIT-KAFKA-2026-33557 Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...
GHSA-28JG-CGG7-J4WC Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation
A security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. An attacke...
CVE-2026-33557
CVE-2026-33557 affects Apache Kafka where the broker’s default oauthbearer JWT validator (DefaultJwtValidator) accepts any JWT without validating signature, issuer, or audience. An attacker can generate a token from any issuer with a chosen preferred_username, and the broker will accept it. Techn...
PT-2026-33644
Name of the Vulnerable Software and Affected Versions Apache Kafka versions prior to 3.9.2 Apache Kafka versions prior to 4.0.1 Description The NetworkClient component outputs complete request and response information when the log level is set to DEBUG. While the default log level is INFO, enabli...
PT-2026-33633
Name of the Vulnerable Software and Affected Versions Apache Kafka versions 4.1.0 through 4.1.1 Description An issue exists in the OAUTHBEARER authentication mechanism where the broker property sasl.oauthbearer.jwt.validator.class defaults to...
VulnCheck KEV: CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
curl: Connection Reuse Ignores OAuth Bearer Token Mismatch
Summary: The connection pool reuse function urlmatchconn in lib/url.c checks oauthbearer in its credential match block — but only for protocols marked as requiring per-connection credentials. For HTTP, OAuth bearer is passed as a header, not a protocol-level credential. If a libcurl application...
curl: In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.
Summary: This vulnerability arises because curl fails to validate the contents of the username when constructing OAuth2 authentication messages. Depending on the server-side implementation, this could lead to log tampering or credential spoofing. Affected version curl 8.18.0...
GHSA-VF6J-C56P-CQ58 MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token
Impact Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches fix applied in 0.1.10 Workarounds Rotate any Salesforce tokens/credentials used by MCP-Salesforce...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004930)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004930 advisory. When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP...
CVE-2025-14524
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...
org.apache.kafka: Kafka Client Arbitrary File Read SSRF
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...
Security Bulletin:IBM Event Streams is vulnerable to Remote Code Execution and Server-Side Request Forgery (CVE-2025-27818, CVE-2025-27817)
Summary IBM Event Streams is vulnerable to remote code execution via unsafe deserialization in Kafka Connect configurations, and another enabling server-side request forgery and arbitrary file read through misconfigured OAuthBearer endpoints in Kafka Clients. Vulnerability Details...
Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data
Summary A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery SSRF through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)
Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application CVE-2025-27817,CVE-2025-27818 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...
org.apache.kafka: Kafka Client Arbitrary File Read SSRF
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...
CVE-2022-31069
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...
CVE-2022-31069 Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the application developer. This could have resulted in...