Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Strimzi 安全漏洞
Vulnerability Description
Strimzi是Strimzi开源的一种允许在 Kubernetes 上以各种部署配置运行 Apache Kafka 集群的程序。 Strimzi 0.41.0 及之前版本存在安全漏洞,该漏洞源于Kafka Connect REST API 中的访问控制不正确,允许攻击者拒绝 Kafka Mirroring 服务,并可能通过恶意连接器将主题的内容镜像到他的 Kafka 集群,并通过查询 MirrorMaker Kafka REST API 窃取 Kafka SASL 凭据。
CVSS Information
N/A
Vulnerability Type
N/A