Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Improper Control of Generation of Code in Apache Kafka
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss.
Permalink: https://github.com/advisories/GHSA-gh27-38p5-mrxc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS Percentage: 0.00088
EPSS Percentile: 0.39165
Identifiers: GHSA-gh27-38p5-mrxc, CVE-2018-1288
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1288
- https://access.redhat.com/errata/RHSA-2018:3768
- https://lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef@%3Cusers.kafka.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://www.securityfocus.com/bid/104900
- https://github.com/advisories/GHSA-gh27-38p5-mrxc
Affected Packages:
- maven:org.apache.kafka:kafka
Affected Version Ranges:
- >= 0.9.0.0, <= 0.10.2.1
- >= 0.11.0.0, <= 0.11.0.2
- = 1.0.0
Fixed in: 1.0.1, 0.11.0.3, 0.10.2.2