Kafka@0.11.0.0 Security Vulnerabilities and Issues — Kafka@0.11.0.0 CVE List

Lucene search

ApacheKafka0.11.0.0

3 matches found

CVE•added 2019/07/11 9:15 p.m.•240 views

CVE-2018-17196

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1...

8.8CVSS8.3AI score0.00245EPSS

CVE•added 2018/07/26 2:29 p.m.•95 views

CVE-2018-1288

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

5.5CVSS5.5AI score0.00665EPSS

CVE•added 2018/07/26 2:29 p.m.•87 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

6.8CVSS6.6AI score0.0029EPSS