CVE-2018-17196
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
Kafka versiones entre 0.11.0.0 y 2.1.0 de Apache, es posible diseñar manualmente una petición Produce que omita la comprobación ACL de transaction/idempotent. Solo los clientes autenticados con permiso de escritura en los temas respectivos pueden explotar esta vulnerabilidad. Los usuarios deben actualizar a la versión 2.1.1 o posterior, donde esta vulnerabilidad ha sido solucionada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-19 CVE Reserved
- 2019-07-11 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Kafka Search vendor "Apache" for product "Kafka" | >= 0.11.0.0 <= 2.1.0 Search vendor "Apache" for product "Kafka" and version " >= 0.11.0.0 <= 2.1.0" | - |
Affected
|