
6 matches found

Hacker One
added 2022/04/22 12:20 p.m., 42 views

Aiven Ltd: [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia

Summary: The Aiven JDBC sink includes the SQLite JDBC Driver. This JDBC driver can be used to upload SQLite database files onto the server. The HTTP sink connector allows sending HTTP requests to localhost. There is unprotected Jolokia listening on localhost:6725. JMX exports the...

AI score: 0.6
Exploits: 0
Hacker One
added 2022/04/04 9:56 a.m., 160 views

Aiven Ltd: Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration

Summary: When configuring the connector via the Aiven API or the Kafka Connect REST API, the attacker can set the database.history.producer.sasl.jaas.config connector property for the io.debezium.connector.mysql.MySqlConnector connector. This is likely true for other debezium connectors too. By...

AI score: 2.9
Exploits: 0
Hacker One
added 2022/01/22 7:38 p.m., 257 views

Aiven Ltd: 0-day Cross Origin Request Forgery vulnerability in Grafana 8.x .

Disclaimer To triage, please note that this is still a 0-day that was alerted to Grafana already, in order to make sure the client is safe I report this issue now, please make sure to not spread it further or leak it, as the best interest is to let you be aware and safer from any potential attack...

CVSS: 6.8, AI score: 0.4, EPSS: 0.02283
Exploits: 0
Hacker One
added 2021/12/07 12:24 p.m., 33 views

Aiven Ltd: Apache Flink RCE via GET jar/plan API Endpoint

Summary: Aiven has not restricted access to the GET jars/jarid/plan API. This endpoint can be used to load java class files with the specified arguments that are in the java classpath on the server. This can be abused to gain RCE on the Apache Flink Server. Steps To Reproduce: The video below sho...

AI score: 0.6
Exploits: 0
Hacker One
added 2021/12/02 8:56 p.m., 63 views

Aiven Ltd: Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read

Summary: Hi team, I've found a path traversal issue in the Grafana instances hosted on the Aiven platforms. With the path traversal it's possible for an unauthenticated user to read arbitrary files on the server. Steps To Reproduce: 1. Login at https://console.aiven.io 1. Create a new Grafana...

AI score: 1.5
Exploits: 0
Hacker One
added 2021/05/18 7:33 a.m., 33 views

Aiven Ltd: Grafana RCE via SMTP server parameter injection

Summary: This report is similar to 1180653, except with different parameter injection entrypoint. SMTP server password configuration setting accepts new line characters. This can be used to set non-exported configuration variables. Using this CRLF-injection, the renderingargs of grafana image...

AI score: 2.7
Exploits: 0