← Voltar para CVEs
CVE-2024-36543
CRITICAL9.8
Descricao
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/17/2024
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-400
Referencias
http://strimzi.com(cve@mitre.org)
http://strimzi.com(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/almounah/vulnerability-research/tree/main/CVE-2024-36543(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.