Lucene search
K

10 matches found

Atlassian
Atlassian
added 2023/10/06 5:45 p.m.48 views

Apache Kafka Connect API Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.21.0, 8.7.1, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...

8.8CVSS7AI score0.95302EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2023/06/21 4:24 p.m.62 views

CVE-2023-25194

A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...

8.8CVSS7.6AI score0.95302EPSS
Exploits8References5
CNVD
CNVD
added 2023/02/17 12:0 a.m.83 views

Apache Kafka Code Issue Vulnerability (CNVD-2023-23554)

Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A code issue vulnerability exists in Apache Kafka...

8.8CVSS8.7AI score0.95302EPSS
Exploits8References1
OSV
OSV
added 2023/02/07 9:30 p.m.60 views

GHSA-26F8-X7CC-WQPC Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.7AI score0.95302EPSS
Exploits8References6
UbuntuCve
UbuntuCve
added 2023/02/07 8:15 p.m.97 views

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS7.1AI score0.95302EPSS
Exploits8References3
Cvelist
Cvelist
added 2023/02/07 7:11 p.m.26 views

CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.9AI score0.95302EPSS
Exploits8References3
CVE
CVE
added 2023/02/07 7:11 p.m.335 views

CVE-2023-25194

CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...

8.8CVSS8.8AI score0.95302EPSS
Exploits8References3Affected Software1
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.2 views

Apache Kafka 代码问题漏洞

Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A code issue vulnerability exists in Apache Kafka...

8.8CVSS7.7AI score0.95302EPSS
Exploits8References8
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.5 views

PT-2023-19973

Name of the Vulnerable Software and Affected Versions Apache Kafka Connect versions prior to 3.4.0 Apache Kafka versions 2.3.0 through 3.3.x Bitbucket Data Center and Server versions 7.21.0 through 8.12.0 Description A possible security vulnerability has been identified in Apache Kafka Connect AP...

8.8CVSS6.8AI score0.95302EPSS
Exploits8References23
RedHat Linux
RedHat Linux
added 2022/03/31 11:14 a.m.38 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.5 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

5.9CVSS6.8AI score0.05773EPSS
Exploits0References4
Rows per page
Query Builder