admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-17196.md

21 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196)
![](https://img.shields.io/static/v1?label=Product&message=Kafka&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
### Description
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpujul2020.html
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpujul2020.html
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
- https://www.oracle.com/security-alerts/cpuoct2020.html
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://www.oracle.com/security-alerts/cpuoct2020.html
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
#### Github
- https://github.com/isxbot/software-assurance
Reference in New Issue Copy Permalink