SUSE CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVE-2024-36543

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector bypassing Kafka ACL if it exists, and potentially stea...

CVE-2024-36543

CVE-2024-36543 describes an incorrect access-control flaw in the Strimzi project’s Kafka Connect REST API (versions ≤ 0.41.0). The vulnerability allows an unauthenticated or insufficiently authenticated attacker to: (1) deny the Kafka Mirroring service, (2) mirror topic content to their own Kafka...

PT-2024-27064 · Unknown · Strimzi Project

Name of the Vulnerable Software and Affected Versions: STRIMZI Project versions 0.41.0 and earlier Description: The issue is related to incorrect access control in the Kafka Connect REST API, which can be exploited to deny service for Kafka Mirroring. An attacker can potentially mirror topics'...