Veracode Vulnerability DatabaseVERACODE:35783Access-Control Bypass
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.7%
Apache Kafka is vulnerable to access control bypass. The vulnerability exists due to a lack of verification of authorization of authenticated clients, allowing an attacker to manually craft a Produce request which bypasses transaction/idempotent ACL validation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache kafka | le | 2.1.0 | |
| apache kafka | le | 2.1.0 |
References
lists.apache.org/thread/27sdzn7m5qs511sly3rqoyfp9foy3s2o
lists.apache.org/thread/3s0qb3r8tft1ppdyqtb6sj7xb7t3vn17
lists.apache.org/thread/fhk12c4p9cvzc2d8noq2rjz6dsmh4mx0
lists.apache.org/thread/kn9z5s0jxmk1yy96dg05n11r654c5b35
lists.apache.org/thread/pvoyyzq67ymo1ktwp5j7s6spf2sz0vfk
lists.apache.org/thread/svdsr6wxkm4lwrww0hpoqcodfv7j4xd6
www.mail-archive.com/[email protected]/msg99277.html
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.7%