CVE-2024-32030 – Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI

https://notcve.org/view.php?id=CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX ports. JMX is based on the RMI protocol, so it is inherently susceptible to deserialization attacks. A potential attacker can exploit this feature by connecting Kafka UI backend to its own malicious broker. • https://github.com/huseyinstif/CVE-2024-32030-Nuclei-Template https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36 https://github.com/provectus/kafka-ui/pull/4427 https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •