Veracode Vulnerability Database: VERACODE:46409
History: Apr 15, 2024 - 8:30 a.m.

Incorrect Access Control

2024-04-15 08:30:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: apache kafka, access control, vulnerability, zk to kraft mode, acl, migration, configuration, availability, confidentiality, integrity

AI Score: 7 High
Confidence: Low
EPSS: 0.0004 Low
Percentile: 9.1%

Apache Kafka is vulnerable to Incorrect Access Control. The vulnerability is due to an error in ACL management during ZK to KRaft mode migration, specifically when an ACL is removed while two or more other ACLs remain associated with the same resource. In that condition Kafka treats the resource as if it had only one remaining ACL rather than the correct number. The impact depends on how the ACLs are configured. If only ALLOW ACLs were configured during the migration, the impact is limited to availability. If DENY ACLs were configured, the impact could extend to confidentiality and integrity, depending on the ACL configuration, because the DENY ACLs might be ignored during the migration period.
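One defender-side check this description suggests is to compare, per resource, the ACL set you expect after the migration with the ACL set the KRaft cluster actually reports, and to classify any loss the way the advisory does (lost ALLOW: availability; lost DENY: confidentiality and integrity). The following is an added example and not Veracode's or Kafka's own code; it assumes you have already parsed both ACL listings into (resource, principal, operation, permission) tuples, and the sample entries are constructed.

```python
# Added example: diff expected vs. reported per-resource ACL sets after a
# ZK-to-KRaft migration and classify the impact of any ACL that went missing,
# following the advisory's reasoning. Input tuples are assumed to be
# (resource, principal, operation, permission); sample data is constructed.
from collections import defaultdict


def group_by_resource(acls):
    """Index ACL tuples by their resource name."""
    by_res = defaultdict(set)
    for acl in acls:
        by_res[acl[0]].add(acl)
    return by_res


def impact_of(missing):
    """Map lost ACLs to the impact categories named in the advisory."""
    impact = set()
    for _, _, _, perm in missing:
        if perm == "DENY":          # ignored DENY: reads/writes that should be blocked succeed
            impact |= {"confidentiality", "integrity"}
        elif perm == "ALLOW":       # lost ALLOW: legitimate clients are refused
            impact.add("availability")
    return impact


def diff_acls(expected, reported):
    """Return {resource: {"missing": [...], "impact": {...}}} for every
    resource whose reported ACL set lacks entries that were expected."""
    exp, rep = group_by_resource(expected), group_by_resource(reported)
    report = {}
    for res, acls in exp.items():
        missing = acls - rep.get(res, set())
        if missing:
            report[res] = {"missing": sorted(missing), "impact": impact_of(missing)}
    return report


# Constructed snapshots: Topic:orders should still carry three ACLs after an
# unrelated ACL was removed mid-migration, but the cluster reports only one.
EXPECTED = [
    ("Topic:orders", "User:app", "READ", "ALLOW"),
    ("Topic:orders", "User:app", "WRITE", "ALLOW"),
    ("Topic:orders", "User:contractor", "READ", "DENY"),
    ("Topic:audit", "User:auditor", "READ", "ALLOW"),
]
REPORTED = [
    ("Topic:orders", "User:app", "READ", "ALLOW"),
    ("Topic:audit", "User:auditor", "READ", "ALLOW"),
]

if __name__ == "__main__":
    for res, info in diff_acls(EXPECTED, REPORTED).items():
        print(res, "lost", len(info["missing"]), "ACL(s); impact:", sorted(info["impact"]))
```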

CPE Name    Operator    Version
apache kafka    le    3.6.1
