In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-07-11T20:37:56

Updated: 2024-08-05T10:39:59.702Z

Reserved: 2018-09-19T00:00:00

Link: CVE-2018-17196

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-11T21:15:09.530

Modified: 2024-11-21T03:54:04.293

Link: CVE-2018-17196

cve-icon Redhat

Severity : Important

Publid Date: 2019-07-11T00:00:00Z

Links: CVE-2018-17196 - Bugzilla