9 matches found
EUVD-2024-2592
Malicious code in bioql PyPI...
Improper Hostname Verification
io.kroxylicious, kroxylicious-runtime is vulnerable to Improper Hostname Verification. The vulnerability is due to Kroxylicious failing to properly verify the server's hostname during a TLS connection, which allows an attacker to intercept or manipulate communications...
GHSA-H83P-72JV-G7VP Missing hostname validation in Kroxylicious
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
Missing hostname validation in Kroxylicious
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285
CVE-2024-8285 affects Kroxylicious, where TLS upstream connections to Kafka fail to verify the server hostname. This creates a potential for MITM and data integrity/confidentiality impact. Attacks require network access and, per the sources, may require high privileges to modify Kroxylicious conf...
CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...