Lucene search
K

4 matches found

OSV
OSV
added 2023/02/07 9:30 p.m.60 views

GHSA-26F8-X7CC-WQPC Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.7AI score0.95302EPSS
Exploits8References6
Github Security Blog
Github Security Blog
added 2023/02/07 9:30 p.m.60 views

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.6AI score0.95302EPSS
Exploits8References6Affected Software1
NVD
NVD
added 2023/02/07 8:15 p.m.24 views

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS8.8AI score0.95302EPSS
Exploits8References3
CVE
CVE
added 2023/02/07 7:11 p.m.335 views

CVE-2023-25194

CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...

8.8CVSS8.8AI score0.95302EPSS
Exploits8References3Affected Software1
Rows per page
Query Builder