Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA

Improper Control of Generation of Code in Apache Kafka

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss.

Permalink: https://github.com/advisories/GHSA-gh27-38p5-mrxc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Identifiers: GHSA-gh27-38p5-mrxc, CVE-2018-1288
Blast Radius: 1.0

Affected Packages

maven:org.apache.kafka:kafka
Affected Version Ranges: = 1.0.0; >= 0.11.0.0, <= 0.11.0.2; >= 0.9.0.0, <= 0.10.2.1
Fixed in: 1.0.1, 0.11.0.3, 0.10.2.2